Add to ORKGAbstract. Tainted variable attacks, common in server-side scripting languages, such as PHP, originate from program inputs maliciously crafted to exploit soft-ware vulnerabilities. These vulnerabilities can be detected via data-flow analy-ses, which iteratively compute the abstract state (“tainted ” or “clean”) associ-ated to every program variable at each program point. Existing algorithms for this problem have a worst-case cubic time on the number of program variables – an issue for large programs. This paper presents a quadratic-time algorithm to tackle the tainted flow problem. We have implemented our analysis on top of phc, an open source PHP compiler, and have scanned over 13 thousand PHP files, obtaining 130 warnings, out of which 41 ...
The importance of Web applications has increased continually in recent years. As more and more servi...
Memory corruption vulnerabilities that lead to control-flow hijacking attacks are a common problem f...
Software vulnerabilities are security threats that exist in an application and may enable users to e...
Abstract. Tainted flow attacks originate from program inputs mali-ciously crafted to exploit softwar...
We present a novel method for static analysis in which we combine data-flow analysis with machine le...
The Web today is a growing universe of pages and applications teeming with interactive content. The...
SQL injection and cross-site scripting are two of the most common security vulnerabilities that plag...
The number and the importance of Web applications have increased rapidly over the last years. At the...
Abstract—The World Wide Web grew rapidly during the last decades and is used by millions of people e...
We present a technique for finding security vulnerabilitiesin Web applications. SQL Injection (SQLI)...
Static analysis of source code is used for auditing web applications to detect the vulnerabilities. ...
In this paper, we apply a well-known measure from information theory domain called Kullback-Leibler ...
With the widespread adoption of dynamic web applications in recent years, a number of threats to the...
This paper is intended to be a summary of the ideas provided by Yichen Xie & Alex Aiken [1]. The...
Possibly, reason for that insecurity of web applications is the fact many programmers lack appropria...
The importance of Web applications has increased continually in recent years. As more and more servi...
Memory corruption vulnerabilities that lead to control-flow hijacking attacks are a common problem f...
Software vulnerabilities are security threats that exist in an application and may enable users to e...
Abstract. Tainted flow attacks originate from program inputs mali-ciously crafted to exploit softwar...
We present a novel method for static analysis in which we combine data-flow analysis with machine le...
The Web today is a growing universe of pages and applications teeming with interactive content. The...
SQL injection and cross-site scripting are two of the most common security vulnerabilities that plag...
The number and the importance of Web applications have increased rapidly over the last years. At the...
Abstract—The World Wide Web grew rapidly during the last decades and is used by millions of people e...
We present a technique for finding security vulnerabilitiesin Web applications. SQL Injection (SQLI)...
Static analysis of source code is used for auditing web applications to detect the vulnerabilities. ...
In this paper, we apply a well-known measure from information theory domain called Kullback-Leibler ...
With the widespread adoption of dynamic web applications in recent years, a number of threats to the...
This paper is intended to be a summary of the ideas provided by Yichen Xie & Alex Aiken [1]. The...
Possibly, reason for that insecurity of web applications is the fact many programmers lack appropria...
The importance of Web applications has increased continually in recent years. As more and more servi...
Memory corruption vulnerabilities that lead to control-flow hijacking attacks are a common problem f...
Software vulnerabilities are security threats that exist in an application and may enable users to e...