Path sensitive static analysis of web applications for remote code execution vulnerability detection

Proceedings - International Conference on Software Engineering

Volumn , Issue , 2013, Pages 652-661

  Zheng, Yunhui ^a   Zhang, Xiangyu ^a  

^a Purdue University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL PROTOCOL; CONTEXT-SENSITIVE; EXECUTION PATHS; INTER-PROCEDURAL ANALYSIS; PATH SENSITIVES; PROTOTYPE SYSTEM; SECURITY THREATS; VULNERABILITY DETECTION;

APPLICATIONS; STATIC ANALYSIS; WORLD WIDE WEB;

SOFTWARE ENGINEERING;

EID: 84886397020     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICSE.2013.6606611     Document Type: Conference Paper

References (35)

1. http://www.cs.purdue.edu/homes/zheng16/rce/index.html.
2. OWASP PHP Top 5. https://www.owasp.org/index.php/PHP Top 5.
3. IBM threat reports. http://www.ibm.com/services/us/iss/xforce/ trendreports/.
4. Phc: open source PHP compiler. http://www.phpcompiler.org/.
5. M. Alkhalaf, T. Bultan, S. Roy Choudhary, M. Fazzini, A. Orso and C. Kruegel. ViewPoints: Differential String Analysis for Discovering Client and Server-Side Input Validation Inconsistencies In ISSTA'12.
6. G. Antoniol, M. D. Penta and M. Zazzara. Understanding Web Applications through Dynamic Analysis. IWPC'04
7. S. Artzi, A. Kiezun, J. Dolby, F. Tip, D. Dig, A. Paradkar and M. Ernst. Finding bugs in dynamic web applications. ISSTA'08
8. M. Balduzzi, C. T. Gimenez, D. Balzarotti and E. Kirda. Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications. In NDSS'11.
9. D. Bates, A. Barth and C. Jackson. Regular expressions considered harmful in client-side XSS filters. In WWW'10.
10. C. Bezemer, A. Mesbah and A. Deursen Automated security testing of web widget interactions. In FSE'09.
11. P. Bisht, T. Hinrichs, N. Skrupsky and V. N. Venkatakrishnan. WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction. In CCS'11.
12. N. Bjørner, N. Tillmann and A. Voronkov. Path Feasibility Analysis for String-Manipulating Programs. In TACAS '09.
13. E. Clarke, D. Kroening, F. Lerda. A Tool for Checking ANSI-C Programs. In TACAS'04.
14. M. Das, S. Lerner, M. Seigel. ESP: path-sensitive program verification in polynomial time. In PLDI'02.
15. S. G. Elbaum, S. Karre and G. Rothermel. Improving Web Application Testing with User Session Data. In ICSE'03.
16. M. V. Gundy and H. Chen. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks. In NDSS'09.
17. W. Halfond, S. Anand and A. Orso. Precise Interface Identification to Improve Testing and Analysis of Web Applications. In ISSTA'09.
18. W. Halfond and A. Orso. Preventing SQL injection attacks using AMNESIA. In ICSE'06.
19. P. Hooimeijer and W. Weimer. Solving string constraints lazily. In ASE'10.
20. A. Kiezun, V. Ganesh, P. J. Guo, P. Hooimeijer and M. D. Ernst. HAMPI: a solver for string constraints. In ISSTA'09.
21. M. T. Louw and V. N. Venkatakrishnan. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. In SP'09.
22. R. Milner. A theory of type polymorphism in programming. Journal of Computer and System Sciences, 1978.
23. Y. Nadji, P. Saxena and D. Song. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense. In NDSS'09.
24. H. Samimi, M. Schafer, S. Artzi, T. Millstein, F. Tip and L. Hendren. Automated repair of HTML generation errors in PHP applications using string constraint solving. In ICSE 2012.
25. P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant and D. Song. A Symbolic Execution Framework for JavaScript. In SP'10.
26. P. Saxena, D. Molnar, B. Livshits. SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications. In CCS'11.
27. F. Sun, L. Xu and Z. Su. Static Detection of Access Control Vulnerabilities in Web Applications. In USENIX Security 2011.
28. T. Tateishi, M. Pistoia and O. Tripp. Path-and index-sensitive string analysis based on monadic second-order logic. In ISSTA'11
29. O. Tripp, M. Pistoia, S. Fink, M. Sridharan and O. Weisman. TAJ: effective taint analysis of web applications. In PLDI'09
30. M. Veanes, P. Hooimeijer, B. Livshits, D. Molnar and N. Bjørner. Symbolic finite state transducers: algorithms and applications. In POPL'12.
31. G. Wassermann and Z. Su. Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. In PLDI'07.
32. Y. Xie and A. Aiken. Saturn: A scalable framework for error detection using Boolean satisfiability. In ACM Trans. Program. Lang. Syst. May, 2007.
33. F. Yu, M. Alkhalaf and T. Bultan. Patching Vulnerabilities with Sanitization Synthesis. In ICSE'11.
34. F. Yu, T. Bultan and B. Hardekopf. String Abstractions for String Verification. In SPIN'11.
35. Y. Zheng and X. Zhang. Static Detection of Resource Contention Problems in Server-Side Scripts. In ICSE'12.