Eir - Static Vulnerability Detection in PHP Applications
Translated title
Eir - Statisk Sårbarheds Analyse i PHP Applikationer
Authors
Vej, Mikkel-Alexander ; Nørtoft, Morten ; Jepsen, Kenneth Michael
Term
4. term
Education
Publication year
2015
Submitted on
2015-06-03
Pages
70
Abstract
This thesis introduces Eir, a static analysis tool that scans PHP applications for two common web vulnerabilities: cross-site scripting (XSS) and SQL injection (SQLi). Static analysis examines code without running it. Eir can find both reflected and stored vulnerabilities - issues that either appear immediately when data is sent back to a user, or persist by being written to storage and used later. The prototype uses pattern matching to identify where data is stored and shows that matching pairs of inputs and outputs in code can reveal stored vulnerabilities. The project also models large web frameworks so that extensions such as WordPress plugins can be analyzed effectively. With this modeling, Eir identified 66 new, confirmed vulnerabilities in WordPress plugins, including 17 stored issues.
[This abstract was generated with the help of AI]
Keywords
Static ; analysis ; Eir ; vulnerability analysis ; vulnerabilities ; xss ; cross-site scripting ; sql ; sqli ; sql injection ; injection ; lattice ; php ; c# ; plugins ; wordpress ; extensions ; extensibility ; drupal ; stored ; data flow ; cfg ; control flow ; control flow graph ; data flow analysis ; taint analysis ; taint ; untaint ; taint tracking ; awesome