SAFERPHP:查找PHP应用程序中的语义漏洞

ACM Workshop on Programming Languages and Analysis for Security Pub Date : 2011-06-05 DOI:10.1145/2166956.2166964

Sooel Son, Vitaly Shmatikov

{"title":"SAFERPHP:查找PHP应用程序中的语义漏洞","authors":"Sooel Son, Vitaly Shmatikov","doi":"10.1145/2166956.2166964","DOIUrl":null,"url":null,"abstract":"Web applications are vulnerable to semantic attacks such as denial of service due to infinite loops caused by malicious inputs and unauthorized database operations due to missing security checks. Unlike \"conventional\" threats such as SQL injection and cross-site scripting, these attacks exploit bugs in the logic of the vulnerable application and cannot be discovered using data-flow analysis alone.\n We give the first characterization of these types of vulnerabilities in PHP applications, develop novel inter-procedural algorithms for discovering them in PHP source code, and implement these algorithms as part of SaferPHP, a framework for static security analysis of PHP applications. SaferPHP uncovered multiple, previously unreported vulnerabilities in several popular Web applications.","PeriodicalId":119000,"journal":{"name":"ACM Workshop on Programming Languages and Analysis for Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"62","resultStr":"{\"title\":\"SAFERPHP: finding semantic vulnerabilities in PHP applications\",\"authors\":\"Sooel Son, Vitaly Shmatikov\",\"doi\":\"10.1145/2166956.2166964\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Web applications are vulnerable to semantic attacks such as denial of service due to infinite loops caused by malicious inputs and unauthorized database operations due to missing security checks. Unlike \\\"conventional\\\" threats such as SQL injection and cross-site scripting, these attacks exploit bugs in the logic of the vulnerable application and cannot be discovered using data-flow analysis alone.\\n We give the first characterization of these types of vulnerabilities in PHP applications, develop novel inter-procedural algorithms for discovering them in PHP source code, and implement these algorithms as part of SaferPHP, a framework for static security analysis of PHP applications. SaferPHP uncovered multiple, previously unreported vulnerabilities in several popular Web applications.\",\"PeriodicalId\":119000,\"journal\":{\"name\":\"ACM Workshop on Programming Languages and Analysis for Security\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-06-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"62\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Workshop on Programming Languages and Analysis for Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2166956.2166964\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2166956.2166964","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 62

摘要

Web应用程序容易受到语义攻击，例如由于恶意输入导致的无限循环而拒绝服务，以及由于缺少安全检查而导致的未经授权的数据库操作。与SQL注入和跨站点脚本等“传统”威胁不同，这些攻击利用易受攻击的应用程序逻辑中的错误，并且无法仅使用数据流分析来发现。我们首次描述了PHP应用程序中的这些类型的漏洞，开发了新的过程间算法，用于在PHP源代码中发现它们，并将这些算法作为SaferPHP的一部分实现，SaferPHP是一个PHP应用程序静态安全分析框架。SaferPHP在几个流行的Web应用程序中发现了多个以前未报告的漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

SAFERPHP: finding semantic vulnerabilities in PHP applications

Web applications are vulnerable to semantic attacks such as denial of service due to infinite loops caused by malicious inputs and unauthorized database operations due to missing security checks. Unlike "conventional" threats such as SQL injection and cross-site scripting, these attacks exploit bugs in the logic of the vulnerable application and cannot be discovered using data-flow analysis alone. We give the first characterization of these types of vulnerabilities in PHP applications, develop novel inter-procedural algorithms for discovering them in PHP source code, and implement these algorithms as part of SaferPHP, a framework for static security analysis of PHP applications. SaferPHP uncovered multiple, previously unreported vulnerabilities in several popular Web applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

ACM Workshop on Programming Languages and Analysis for Security

自引率

0.00%

发文量

期刊最新文献

Faceted execution of policy-agnostic programs Position paper: the science of boxing Knowledge inference for optimizing secure multi-party computation Fault-tolerant non-interference: invited talk abstract WEBLOG: a declarative language for secure web development