PHP-based Web Vulnerability Discovery Research

With the widespread use of the web application program,increasingly more security vulnerabilities of web application program have been found,and the influence range has been getting larger.With its powerful functions and high code execution efficiency,PHP is widely used to develop web applications.But many developers know nothing about web security,it comes no surprise that PHP web applications are usual targets of cyber-attacks.Therefore,the study of Web vulnerability mining for PHP application is an important means to determine the credibility of PHP application,which has important theoretical and practical value.This thesis first classifies the common vulnerabilities of PHP applications,and analyzes the causes of each type of vulnerability and the performance of the vulnerability code in the source code.Then,the thesis studies the vulnerability mining technology of several PHP applications,introduces the analysis principle and technical realization of the vulnerability mining technology,there are mainly symbolic execution that use the symbolic value simulator to perform the technique,taint analysis that use the stain value as input and trace it to find the vulnerability.And taking the SQL injection vulnerability and XSS injection vulnerability in PHP application program as example,the thesis summerizes the corresponding vulnerability pattern.Subsequently the research on PHP-based web vulnerability discovery Research is carried out.The main work is as follows:1.A procedural summary method based on vulnerability feature information is proposed.This method can reduce the time efficiency problem caused by repeated expansion and analysis of the function in the process of dynamic symbolic execution by generating the function summary information containing the vulnerability characteristics.2.The program slice method based on path feature is proposed,and the path is pruned and merged to solve the problem of path explosion in the process of dynamic symbolic execution,combined with the vulnerability information contained in the path.3.Taint analysis and dynamic symbolic execution are combined,Dynamic symbolic execution has the ability to generate path constraint,negate the path constraint and guide the test case's generation,this can slove the problem of low path coverage caused by taint analysis whose test case can not select path.Based on the method above,this paper implements the web vulnerability detecting prototype system of PHP application program named “PHPVS”.The effectiveness experiments and time efficiency experiments are carried out for the system,the experimental results show that the method is effective and the time efficiency is improved.