PHPWander: A Static Vulnerability Analysis Tool for PHP

PHP is a leading server-side scripting language for developing dynamic web sites. Given its prevalence, PHP applications have become common targets of attacks. One cannot rely on programmers alone to deliver vulnerability-free code. Automated tools can help discover these vulnerabilities. We present PHPWander, a static vulnerability analysis tool for PHP written in PHP. As modern PHP applications are written in an object-oriented manner, the tool is able to process object-oriented code as well.

Tags: PHP, vulnerability, security, static analysis, taint analysis, language based security, semantic analysis

By Pavel Jurasek
Published May 29, 2018 7:35 AM - Last modified May 29, 2018 12:16 PM