Abstract
In this paper we describe the THAPS vulnerability scanner for PHP web applications. THAPS is based on symbolic execution of PHP with specialised support for scanning extensions and plug-ins of larger application frameworks. We further show how THAPS can integrate the results of dynamic analyses, generated by a customised web crawler, into the static analysis. This enables analysis of often used advanced dynamic features such as dynamic code load and reflection. To the best of our knowledge, THAPS is the first tool to apply this approach and the first tool with specific support for analysis of plug-ins.
In order to verify our approach, we have scanned 375 WordPress plug-ins and a commercial (monolithic) web application, resulting in 68 and 28 confirmed vulnerabilities respectively.
In order to verify our approach, we have scanned 375 WordPress plug-ins and a commercial (monolithic) web application, resulting in 68 and 28 confirmed vulnerabilities respectively.
Original language | English |
---|---|
Title of host publication | Proceedings of the 17th Nordic Conference on Secure IT-Systems (NordSec 2012) |
Volume | 7617 |
Publisher | Springer |
Publication date | 2012 |
Pages | 31-46 |
ISBN (Print) | 978-3-642-34209-7 |
ISBN (Electronic) | 978-3-642-34210-3 |
DOIs | |
Publication status | Published - 2012 |
Event | 17th Nordic Conference, NordSec 2012: Secure IT Systems - Karslkrona, Sweden Duration: 31 Oct 2012 → 2 Nov 2012 Conference number: 17 |
Conference
Conference | 17th Nordic Conference, NordSec 2012 |
---|---|
Number | 17 |
Country/Territory | Sweden |
City | Karslkrona |
Period | 31/10/2012 → 02/11/2012 |
Series | Lecture Notes in Computer Science |
---|---|
Volume | 7617 |
ISSN | 0302-9743 |