| Web applications have become one of the most important communication channels, and they are suffering from more and more attacks. With the evolution of Web development technologies, web applications are now developed in PHP and other dynamic scripting languages instead of static HTML. PHP is widely used to develop web applications. Because PHP is easy to learn, many PHP developers know nothing about web security, so it comes as no surprise that PHP web applications are usual targets of cyber-attacks. Attacks on PHP web applications are increasing, so code reviews are necessary before a website is deployed. But manual code reviews are time-consuming and costly, and the skill requirements are very high, so automated analysis tools are needed. Either static analysis or dynamic analysis can be used; this paper uses static analysis. Static analysis of PHP is difficult because of some PHP features, for example dynamic weak typing and run-time source inclusion. This paper uses flow-sensitive, context-sensitive and inter-procedural dataflow analysis, implemented on top of Facebook HHVM. To support PHP language features, the paper presents a method for modeling PHP variables, and uses this method to implement alias analysis. To improve the precision of the results, the paper also uses automata-based string analysis. The paper also proposes a method for defining rules, which specify the sensitive sources, sensitive sinks and vulnerability patterns. The vulnerabilities targeted are cross-site scripting (XSS) and injection vulnerabilities. All of them are taint-style vulnerabilities, in which tainted input flows into risky functions without any sanitization. |
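
The taint-style pattern described in the abstract (rules naming sources, sinks and sanitizers, applied by a flow-sensitive dataflow pass) can be shown on a small scale. This is an added example, not the paper's HHVM-based implementation: the tuple IR, the rule layout and the sample script are constructed for illustration, and the pass is intraprocedural with no alias or string analysis.

```python
# Added illustration: rule-driven, flow-sensitive taint tracking over a tiny
# constructed IR of a PHP script. Taint is tracked per vulnerability class,
# so a sanitizer only clears the classes it is valid for.
ALL = frozenset({"xss", "sqli"})
RULES = {  # hypothetical rule layout: sources, sinks, sanitizers
    "sources": {"$_GET", "$_POST", "$_COOKIE"},
    "sinks": {"echo": "xss", "mysqli_query": "sqli"},
    "sanitizers": {
        "htmlspecialchars": {"xss"},
        "mysqli_real_escape_string": {"sqli"},
        "intval": {"xss", "sqli"},
    },
}

def taint_of(operand, state):
    """Vulnerability classes for which an operand is still tainted."""
    if operand in RULES["sources"]:
        return ALL
    return state.get(operand, frozenset())  # literals and unknown vars are clean

def analyze(program):
    """Return (line, sink, class) for each tainted value reaching a sink."""
    state, findings = {}, []
    for line, (kind, dst, func, args) in enumerate(program, start=1):
        incoming = frozenset().union(*(taint_of(a, state) for a in args))
        if kind == "assign":      # concatenation: result carries all taint
            state[dst] = incoming  # strong update makes this flow-sensitive
        elif kind == "call":      # sanitizers remove only their own classes
            state[dst] = incoming - RULES["sanitizers"].get(func, set())
        elif kind == "sink" and RULES["sinks"][func] in incoming:
            findings.append((line, func, RULES["sinks"][func]))
    return findings

# Constructed sample, one tuple per PHP statement (kind, dst, func, operands):
PROGRAM = [
    ("assign", "$id", None, ["$_GET"]),                   # $id = $_GET['id'];
    ("call", "$name", "htmlspecialchars", ["$_GET"]),     # $name = htmlspecialchars($_GET['name']);
    ("sink", None, "echo", ["'Hello '", "$name"]),        # echo 'Hello ' . $name;
    ("assign", "$q", None, ["'SELECT ...'", "$name"]),    # $q = 'SELECT ...' . $name;
    ("sink", None, "mysqli_query", ["$db", "$q"]),        # mysqli_query($db, $q);
    ("sink", None, "echo", ["$id"]),                      # echo $id;
    ("call", "$id", "intval", ["$id"]),                   # $id = intval($id);
    ("sink", None, "echo", ["$id"]),                      # echo $id;
]

if __name__ == "__main__":
    for finding in analyze(PROGRAM):
        print(finding)
```

Line 5 is reported because `htmlspecialchars` does not neutralize SQL metacharacters, and line 8 is not reported because the reassignment on line 7 replaces the tainted value of `$id`.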