Author(s): Johannes Dahse, Thorsten Holz

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

PHP is the most popular and diverse scripting language on the Web. We introduce a new static code analyzer that precisely models built-in PHP features and their interaction. Our evaluation shows that this is the key for vulnerability detection in modern applications.