Referenced Items are not available for this document.
The automatic identification of security vulnerabilities is a critical issue in the development of web-based applications. We present a methodology and tool for vulnerability identification based on symbolic code execution exploiting Static Taint Analysis to improve the efficiency of the analysis. The tool targets PHP web applications, and demonstrates the effectiveness of our approach in identifying cross-site scripting and SQL injection vulnerabilities on both NIST synthetic benchmarks and real world applications. It proves to be faster and more effective than its main competitors, both open source and commercial.
Published in:
Information Technology: New Generations (ITNG), 2012 Ninth International Conference on
Date of Conference: 16-18 April 2012
- Page(s):
- 189 - 194
- Print ISBN:
- 978-1-4673-0798-7
- INSPEC Accession Number:
- 12771181
- Conference Location :
- Las Vegas, NV
- Digital Object Identifier :
- 10.1109/ITNG.2012.167
- Product Type:
- Conference Publications
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
