Stranger: An automata-based string analysis tool for php

Abstract. STRANGER is an automata-based string analysis tool for finding and eliminating string-related security vulnerabilities in PHP applications. STRANGER uses symbolic forward and backward reachability analyses to compute the possi-ble values that the string expressions can take during program execution. STRANGER can automatically (1) prove that an application is free from speci-fied attacks or (2) generate vulnerability signatures that characterize all malicious inputs that can be used to generate attacks.