DocumentCode
3657099
Title
phpSAFE: A Security Analysis Tool for OOP Web Application Plugins
Author
Paulo Jorge Costa Nunes;José ;Marco Vieira
Author_Institution
Polytech. Inst. of Guarda, Univ. of Coimbra, Guarda, Portugal
fYear
2015
fDate
6/1/2015 12:00:00 AM
Firstpage
299
Lastpage
306
Abstract
There is nowadays an increasing pressure to develop complex Web applications at a fast pace. The vast majority is built using frameworks based on third-party server-side plugins that allow developers to easily add new features. However, as many plugin developers have limited programming skills, there is a spread of security vulnerabilities related to their use. Best practices advise the use of systematic code review to assure security, but free tools do not support OOP, which is how most Web applications are currently developed. To address this problem we propose phpSAFE, a static code analyzer that identifies vulnerabilities in PHP plugins developed using OOP. We evaluate phpSAFE against two well-known tools using 35 plugins for a widely used CMS. Results show that phpSAFE clearly outperforms other tools, and that plugins are being shipped with a considerable number of vulnerabilities, which tends to increase over time.
Keywords
"Security","Software","Databases","Arrays","Filtering","Context","Measurement"
Publisher
ieee
Conference_Titel
Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on
Type
conf
DOI
10.1109/DSN.2015.16
Filename
7266859