TChecker
Changhua Luo, Penghui Li, Wei Meng
2022Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security28 citationsDOI
Abstract
PHP applications provide various interfaces for end-users to interact with on the Web. They thus are prone to taint-style vulnerabilities such as SQL injection and cross-site scripting. For its high efficiency, static taint analysis is widely adopted to detect taint-style vulnerabilities before application deployment. Unfortunately, due to the high complexity of the PHP language, implementing a precise static taint analysis is difficult. The existing taint analysis solutions suffer from both high false positives and high false negatives because of their incomprehensive inter-procedural analysis and a variety of implementation issues.
Topics & Concepts
Computer scienceSQL injectionScripting languageCross-site scriptingTaint checkingFalse positive paradoxVariety (cybernetics)Static analysisWeb applicationWorld Wide WebOperating systemWeb application securityProgramming languageWeb serviceSoftwareArtificial intelligenceSearch engineWeb developmentQuery by ExampleWeb search queryWeb Application Security VulnerabilitiesSecurity and Verification in ComputingSoftware Testing and Debugging Techniques