| With the emergence of network products such as renren and microblog, internet applications based on Web environment are used more and more widely. As one of the most popular services, web applications constructed by PHP still suffers from various security vulnerabilities. Therefore, this paper does a research on the security of PHP web applications, which includes summarizing the existing vulnerability scanning techniques and analyzing security vulnerabilities in PHP web applications. The main contributions of this paper can be summarized as follows:1) This paper summarizes and analyzes the common security vulnerabilities in PHP web applications. Defensive measures against these vulnerabilities are also proposed.2) This paper gives a summary about the existing vulnerability scanning techniques and an analysis about the functionalities and weaknesses of the common web security scanning tools.3) This paper designs a platform that can be used to detect security vulnerabilities for PHP web applications in Python. Based on this platform, four plugins are developed to detect security vulnerabilities such as SQL injection, file inclusion, PHP code injection and code execution for PHP web applications.Compared to Wvs and W3af, this platform carries out a very efficient way on detecting these vulnerabilities in PHP web applications. |
PDF Full Text Request