Abstract. In this paper we describe the THAPS vulnerability scanner for PHP web applications. THAPS is based on symbolic execution of PHP with specialised support for scanning extensions and plug-ins of larger application frameworks. We further show how THAPS can integrate the results of dynamic analyses, generated by a customised web crawler, into the static analysis. This enables analysis of often-used advanced dynamic features such as dynamic code load and reflection. To the best of our knowledge, THAPS is the first tool to apply this approach and the first tool with specific support for analysis of plug-ins. In order to verify our approach, we have scanned 375 WordPress plug-ins and a commercial (monolithic) web application, resulting...
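The abstract's central idea is that a purely static PHP scanner cannot tell what a reflective call such as $handler($x) invokes when $handler comes from a database or configuration, so it either stays silent or reports noise; feeding in what a crawler observed at runtime lets the static taint analysis resolve the callee and decide whether tainted data reaches a dangerous sink. The following is an added illustration, not THAPS code and not based on its implementation: a small taint tracker over a PHP subset, run twice on a constructed plug-in fragment, once with and once without a constructed "observed at runtime" map. The function names get_option and wpx_renderer in the sample and the variable-to-callee format of the observation map are assumptions made for the example.

```python
"""Added example: taint analysis of a PHP subset, with runtime observations
used to resolve reflective calls. Not part of THAPS; a hypothetical sketch."""
import re
from typing import Dict, List, Optional, Set, Tuple

LABELS = {"xss", "sqli", "rce", "lfi"}            # vulnerability classes tracked
SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")
# sanitiser -> labels it neutralises (intval neutralises everything)
SANITIZERS = {"htmlspecialchars": {"xss"}, "mysqli_real_escape_string": {"sqli"},
              "intval": LABELS, "basename": {"lfi"}}
# sink -> label that must not reach it
SINKS = {"echo": "xss", "printf": "xss", "mysqli_query": "sqli",
         "eval": "rce", "include": "lfi", "require": "lfi"}

RE_ASSIGN = re.compile(r"^\$(\w+)\s*=\s*(.+);$")
RE_CALL = re.compile(r"^(\$?\w+)\s*\((.*)\);$")          # f(...) or $f(...)
RE_CONSTRUCT = re.compile(r"^(echo|include|require|eval)\s+(.+);$")
RE_FUNC = re.compile(r"^(\w+)\s*\((.*)\)$")
RE_VAR = re.compile(r"\$(\w+)")

Finding = Tuple[int, str, str]  # (line, label or "unresolved", description)


def eval_expr(expr: str, taint: Dict[str, Set[str]], consts: Dict[str, str]):
    """Return (live taint labels, statically known string value or None)."""
    expr = expr.strip()
    if re.fullmatch(r"'[^']*'", expr):                 # string literal
        return set(), expr[1:-1]
    if re.fullmatch(r"\$\w+", expr):                   # plain variable
        return set(taint.get(expr[1:], set())), consts.get(expr[1:])
    m = RE_FUNC.match(expr)
    if m:                                              # f(a, b): union of args,
        fn, args = m.groups()                          # minus what f sanitises
        labels: Set[str] = set()                       # (naive comma split; no
        for arg in args.split(","):                    # commas inside strings)
            if arg.strip():
                labels |= eval_expr(arg, taint, consts)[0]
        return labels - SANITIZERS.get(fn, set()), None
    labels = set()                                     # concatenation etc.:
    for v in RE_VAR.findall(expr):                     # union of referenced vars
        labels |= taint.get(v, set())
    if any(s in expr for s in SOURCES):                # superglobal = fully tainted
        labels |= LABELS
    return labels, None


def analyse(code: str, observed: Optional[Dict[str, str]] = None) -> List[Finding]:
    """Scan `code` top to bottom. `observed` maps a variable name to the callee a
    crawler saw it resolve to at runtime (the dynamic-analysis feed)."""
    observed = observed or {}
    taint: Dict[str, Set[str]] = {}
    consts: Dict[str, str] = {}
    findings: List[Finding] = []

    def check_call(lineno: int, callee: str, args: str) -> None:
        if callee not in SINKS:
            return
        label = SINKS[callee]
        for arg in args.split(","):
            if arg.strip() and label in eval_expr(arg, taint, consts)[0]:
                findings.append((lineno, label, f"{arg.strip()} reaches {callee}"))

    for lineno, raw in enumerate(code.splitlines(), 1):
        stmt = raw.split("//", 1)[0].strip()
        if not stmt or stmt.startswith("<?php"):
            continue
        m = RE_ASSIGN.match(stmt)
        if m:
            lhs, rhs = m.groups()
            taint[lhs], value = eval_expr(rhs, taint, consts)
            if value is None:
                consts.pop(lhs, None)
            else:
                consts[lhs] = value
            continue
        m = RE_CONSTRUCT.match(stmt)
        if m:
            check_call(lineno, m.group(1), m.group(2))
            continue
        m = RE_CALL.match(stmt)
        if m:
            callee, args = m.groups()
            if callee.startswith("$"):                 # reflective call $fn(...)
                var = callee[1:]
                resolved = consts.get(var) or observed.get(var)
                if resolved is None:                   # static analysis is blind here
                    findings.append((lineno, "unresolved", f"{callee}(...) target unknown"))
                    continue
                callee = resolved
            check_call(lineno, callee, args)
    return findings


# Constructed plug-in fragment (hypothetical; get_option/wpx_renderer are assumed).
PLUGIN = """<?php
$name    = $_GET['name'];                  // untrusted input
$safe    = htmlspecialchars($name);        // neutralises XSS only
$handler = get_option('wpx_renderer');     // value unknown statically
$handler($name);                           // reflection: which function runs?
echo $safe;                                // sanitised for this sink
$id      = intval($_GET['id']);
mysqli_query($db, 'SELECT * FROM t WHERE id=' . $id);
$page    = $_GET['p'];
include $page . '.php';                    // file inclusion
"""
# Constructed runtime observation, as a crawler might record it: $handler was 'printf'.
OBSERVED = {"handler": "printf"}

if __name__ == "__main__":
    print("static only:      ", analyse(PLUGIN))
    print("with observations:", analyse(PLUGIN, OBSERVED))
```

Without observations the scanner can only say that line 5 calls an unknown target; with the crawler's observation that $handler resolved to printf, the same line becomes a concrete XSS finding, while the htmlspecialchars'd echo and the intval'd query stay silent and the unsanitised include is flagged in both runs.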
The number of websites has increased rapidly during the last years. While websites consisted mostly...
Unrestricted file upload vulnerabilities enable attackers to upload malicious scripts to a web serve...
Static code analysis is a class of techniques for inspecting the source code of a computer program w...
In this paper we describe the THAPS vulnerability scanner for PHP web applications. THAPS is based o...
Abstract—The World Wide Web grew rapidly during the last decades and is used by millions of people e...
Abstract—In two decades the web became a standard framework for Internet applications. This involved...
Increasingly, web applications handle sensitive data and interface with critical back-end components...
Abstract—In recent years, the focus of the business world has moved towards the Internet. Web applicati...
The number and the importance of Web applications have increased rapidly over the last years. At the...
The importance of Web applications has increased continually in recent years. As more and more servi...
There is nowadays an increasing pressure to develop complex web applications at a fast pace. The vas...
Dynamic languages, such as PHP and JavaScript, are widespread and heavily used. They provide dynami...
With the widespread adoption of dynamic web applications in recent years, a number of threats to the...
With the increase of global accessibility of web applications, maintaining a reasonable security lev...
Tese de mestrado, Engenharia Informática (Arquitetura, Sistemas e Redes de Computadores) Universidad...