Efficient and Flexible Discovery of PHP Application Vulnerabilities
PHP is one of the most widely used programming languages for web applications. In this paper the authors aim to provide a way to analyze the source code of PHP applications in order to detect vulnerabilities efficiently. To accomplish this goal, a concept called "Code Property Graphs" is employed. These graphs are generated for a given PHP code base and stored in a graph database such as Neo4j; graph traversals can then be used to detect vulnerabilities. A Code Property Graph represents the application's source code and, to help in detecting vulnerabilities, carries information such as the control flow and information flow of the application in question. It is a combination of the Abstract Syntax Tree, Control Flow Graph, Program Dependence Graph and Call Graph. The paper examines a number of well-known vulnerability classes such as SQL injection and XSS and shows how each is detected with the Code Property Graph in two steps. The proposed method has been evaluated on 1,854 PHP projects from GitHub (80 million lines of code).
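To make the idea concrete, here is an added example (not code from the paper or from its authors' tooling) that builds a toy code-property-graph-like structure for a few straight-line PHP statements and then runs the kind of traversal the paper describes: find the sink calls, then walk the data-dependence edges backwards towards attacker-controlled sources, stopping at sanitisers. Everything is an assumption of this illustration: the hand-picked source, sink and sanitiser tables, the regex "parser" that only understands simple assignments and calls, the in-memory Python graph standing in for Neo4j, and the constructed PHP snippet. It goes slightly beyond the summary above by showing why sanitisers must be matched to the sink type: a SQL escaping call does not make a value safe to echo into HTML.

```python
import re
from collections import defaultdict

# Assumed taint sources (attacker-controlled input) and sinks (security-sensitive calls).
SOURCES = {"$_GET", "$_POST", "$_COOKIE", "$_REQUEST"}
SINKS = {"mysql_query": "SQL injection", "echo": "XSS"}
# Sanitisation is sink-specific: SQL escaping does nothing against XSS and vice versa.
SANITIZERS = {
    "SQL injection": {"mysql_real_escape_string", "intval"},
    "XSS": {"htmlspecialchars", "intval"},
}

# Deliberately naive statement patterns: `$var = expr;` or `func(args);` only.
ASSIGN_RE = re.compile(r"^\$(\w+)\s*=\s*(.*)$")
CALL_RE = re.compile(r"^(\w+)\s*\((.*)\)$")
VAR_RE = re.compile(r"\$\w+")            # also matches superglobals like $_GET
FUNC_RE = re.compile(r"\b(\w+)\s*\(")    # would also match calls inside string literals

# Constructed sample snippet (not from any real project): two sanitised and two unsanitised flows.
PHP_SAMPLE = """
$id = $_GET['id'];
$name = $_POST['name'];
$safe = mysql_real_escape_string($id);
$q = "SELECT * FROM users WHERE id = '" . $safe . "'";
mysql_query($q);
$q2 = "SELECT * FROM users WHERE name = '" . $name . "'";
mysql_query($q2);
echo($safe);
echo(htmlspecialchars($name));
"""


def build_graph(php_source):
    """Parse flat PHP statements into AST-like nodes and add data-dependence
    (REACHES) edges from each variable definition to the statements that use it."""
    nodes = []
    for raw in php_source.strip().splitlines():
        stmt = raw.strip().rstrip(";").strip()
        if not stmt:
            continue
        m = ASSIGN_RE.match(stmt)
        if m:
            defines, expr = "$" + m.group(1), m.group(2)
        else:
            if not CALL_RE.match(stmt):
                raise ValueError("unsupported statement: " + stmt)
            defines, expr = None, stmt
        nodes.append({
            "id": len(nodes),
            "text": stmt,
            "defines": defines,
            "uses": set(VAR_RE.findall(expr)),
            "calls": set(FUNC_RE.findall(expr)),
        })
    reaches = defaultdict(list)   # node id -> ids of the definitions it depends on
    last_def = {}                 # variable -> id of its most recent definition
    for node in nodes:
        for var in node["uses"]:  # uses are resolved before this node's own definition
            if var in last_def:
                reaches[node["id"]].append(last_def[var])
        if node["defines"]:
            last_def[node["defines"]] = node["id"]
    return nodes, reaches


def _tainted_paths(node, nodes, reaches, sanitizers, seen=()):
    """Yield sink-to-source paths along REACHES edges, pruning sanitised definitions."""
    if node["calls"] & sanitizers:   # this value is considered clean for the current sink type
        return
    if node["uses"] & SOURCES:
        yield (node,)
    for dep in reaches[node["id"]]:
        if dep in seen:
            continue
        for tail in _tainted_paths(nodes[dep], nodes, reaches, sanitizers, seen + (node["id"],)):
            yield (node,) + tail


def find_vulnerable_flows(php_source):
    """Step 1: locate sink calls. Step 2: traverse backwards from each sink and
    report every path that reaches a source without a sink-appropriate sanitiser."""
    nodes, reaches = build_graph(php_source)
    findings = []
    for sink in nodes:
        for vuln in (SINKS[f] for f in sink["calls"] if f in SINKS):
            for path in _tainted_paths(sink, nodes, reaches, SANITIZERS[vuln]):
                findings.append({
                    "type": vuln,
                    "sink": sink["text"],
                    "source": path[-1]["text"],
                    "path": [n["text"] for n in path],
                })
    return findings


if __name__ == "__main__":
    for f in find_vulnerable_flows(PHP_SAMPLE):
        print(f["type"], ":", " <- ".join(f["path"]))
```

Run as a script it prints the two unsanitised flows: the SQL injection through `$q2` and the XSS through `echo($safe)`, whose value was escaped for SQL but never for HTML. The two sanitised paths (`mysql_query($q)` and `echo(htmlspecialchars($name))`) are pruned. In the paper's setting the same two-step logic is expressed as traversals over the graph database rather than over Python dictionaries, and the real graph also carries control-flow and call edges, which this toy omits.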
For Programmers Series are documents provided by ResearchCoders that explain the ideas of a paper for programmers; you can download them from here. Please note that we always recommend reading the original paper as well for better understanding.
If you have an idea that is not mentioned in the original research and you think adding it to the implementations could be useful, you can share your idea here.