Term
4. term
Education
Publication year
2012
Submitted on
2012-06-07
Pages
41 pages
Abstract
This report presents THAPS, a vulnerability scanning tool for PHP web applications. The tool explores two new ways of analyzing web applications: extending traditional static analysis with a model analysis, and combining static analysis with dynamic analysis. The extended static analysis allows the tool to analyze the extensions of modular systems, such as WordPress and TYPO3, without having to analyze the core system. The combined approach allows for analyzing custom-built applications with few entry points. The problem with these types of applications is that they cannot be modeled and analyzed in parts, and they are too large to analyze in a single analysis. Using the combined approach, the tool can split the code into parts and still give results. This also allows newly added features of these systems to be analyzed. The result of the project is 30 new confirmed vulnerabilities, 29 in WordPress modules and one in a core TYPO3 extension. Additionally, it has been used to identify 33 vulnerabilities in a newly established company's web application.
Colophon: This page is part of the AAU Student Projects portal, which is run by Aalborg University. Here, you can find and download publicly available bachelor's theses and master's projects from across the university dating from 2008 onwards. Student projects from before 2008 are available in printed form at Aalborg University Library.