论文信息 - A static backward taint data analysis method for detecting web application vulnerabilities

A static backward taint data analysis method for detecting web application vulnerabilities

This paper addresses detecting taint-style vulnerabilities in PHP code. It extends classical taint-style model with an element called “cleans”, which is used to specify sanitation routines. Based on the new model, a static backward taint data analysis method is proposed to detecting taint-style vulnerabilities. This method includes four key steps, first of which is collecting sinks and constructing contexts, the second is backward tracing variables during a basic block, the third is tracing variables between blocks, and the last is tracing variables crossing function call. A tool called POSE implements this method and testing results show that the method is valid for detecting taint-style web application vulnerabilities.

Qingxian Wang | Xuexiong Yan | Hengtai Ma

[1] Benjamin Livshits,et al. Securing web applications with static and dynamic information flow tracking , 2008, PEPM '08.

[2] Alessandro Orso,et al. A Classification of SQL Injection Attacks and Countermeasures , 2006, ISSSE.

[3] Alexander Aiken,et al. Static Detection of Security Vulnerabilities in Scripting Languages , 2006, USENIX Security Symposium.

[4] Christopher Krügel,et al. Pixy: a static analysis tool for detecting Web application vulnerabilities , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[5] Collin Jackson,et al. Robust defenses for cross-site request forgery , 2008, CCS.

[6] Chris Anley,et al. Advanced SQL Injection In SQL Server Applications , 2002 .

[7] D. T. Lee,et al. Securing web application code by static analysis and runtime protection , 2004, WWW '04.

[8] Marco Vieira,et al. phpSAFE: A Security Analysis Tool for OOP Web Application Plugins , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[9] Thorsten Holz,et al. Simulation of Built-in PHP Features for Precise Static Code Analysis , 2014, NDSS.