Eir - Static Vulnerability Detection in PHP Applications
Translated title
Eir - Statisk Sårbarheds Analyse i PHP Applikationer
Term
4. term
Publication year
2015
Submitted on
2015-06-03
Pages
70
Abstract
This report presents Eir, a static vulnerability analysis tool created for scanning PHP applications for XSS and SQLi vulnerabilities. The tool builds on known theories in the field of static analysis and is able to detect reflected as well as stored vulnerabilities. Using pattern matching to find storage locations, this prototype shows that it is possible to find stored vulnerabilities by matching pairs of incoming and outgoing data sets in a static analysis. The tool also looks into modeling of large frameworks in order to scan extensions such as WordPress plugins. Modeling a large amount of functionality made it possible to detect a large number of vulnerabilities in WordPress plugins. Eir was able to detect 66 new confirmed vulnerabilities in WordPress plugins, of which 17 were stored vulnerabilities.
Keywords
Statisk ; analyse ; Eir ; sårbarhedsanalyse ; sårbarheder ; xss ; cross-site scripting ; sql ; sqli ; sql injection ; injection ; lattice ; php ; static ; analysis ; c# ; plugins ; wordpress ; extensions ; extensibility ; drupal ; stored ; vulnerabilities ; data flow ; cfg ; control flow ; control flow graph ; data flow analysis ; taint analysis ; taint ; untaint ; taint tracking ; awesome