The Study And Implementation Of Web Application Vulnerabilities Detection Technologies Accelerated By GPU

Posted on: 2017-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: S T Li
Full Text: PDF
GTID: 2428330512959701
Subject: Computer Science and Technology
Abstract/Summary:
With the development of information technology, the number of Web applications has increased rapidly, and they have become an indispensable part of people's lives. However, the damage caused by Web application security vulnerabilities has grown as well, causing great harm to people's normal life and work. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. PHP is one of the most widely used languages for developing Web applications, so the study of vulnerability detection technology for PHP Web applications has vital practical significance.

This paper first provides an overview of security vulnerabilities and detection technologies, and then focuses on static analysis. Static analysis of a PHP application converts the PHP source files into parse trees, which are then transformed into an intermediate program representation called three-address code that roughly resembles assembly code. Finally, the corresponding control flow graphs are built from the three-address code. Data flow analyses over the control flow graphs, focusing mainly on sources and sensitive sinks, track whether tainted data can propagate into the Web application without sanitization. A potential vulnerability is found if the data is not sanitized. More specifically, dependence trees generated to represent the sensitive sinks of XSS vulnerabilities can be used to detect XSS vulnerabilities, and automata generated to represent the sensitive sinks of SQLI vulnerabilities can be used to detect whether the semantics of the SQL is vulnerable.

However, practical Web applications are usually huge, and the number of nodes in the dependence trees converted from PHP files is always large. The traditional single-threaded CPU-based method has a time complexity of O(n), which is not acceptable when processing a large quantity of Web applications. To solve this problem, we propose a novel multi-threaded GPU-based method that decreases the time complexity to O(log(n)). For the automata of SQLI sensitive sinks, the traditional single-threaded CPU-based method also has a time complexity of O(n); we propose a novel multi-threaded GPU-based method that decreases the time complexity to O(1). Experimental results show that the multi-threaded GPU-based methods dramatically accelerate the detection of vulnerabilities in Web applications.
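The taint-tracking step the abstract describes (sources, sanitization and sensitive sinks over a control flow graph of three-address code) can be sketched as follows. This is an added example, not code from the thesis: the instruction names, the tuple layout and the PHP fragment are constructed assumptions, and it covers only the sequential analysis, not the GPU methods.

```python
# Constructed three-address code for a PHP fragment such as:
#   $name = $_GET['name'];
#   if (...) { $name = htmlspecialchars($name); }
#   $msg = 'Hello ' . $name;
#   echo $msg;
# Each block maps to (instructions, successor blocks); an instruction is
# (op, dest, args). The op names are hypothetical, chosen for this example.
CFG = {
    "entry": ([("source", "t1", ()), ("assign", "name", ("t1",))],
              ["then", "join"]),
    "then": ([("sanitize", "name", ("name",))], ["join"]),
    "join": ([("concat", "msg", ("'Hello '", "name")),
              ("sink", None, ("msg",))], []),
}

def transfer(instrs, tainted, findings, block):
    """Apply one block's instructions to the set of tainted variables."""
    tainted = set(tainted)
    for idx, (op, dest, args) in enumerate(instrs):
        if op == "source":            # user-controlled input taints dest
            tainted.add(dest)
        elif op == "sanitize":        # a sanitizer's result is clean
            tainted.discard(dest)
        elif op in ("assign", "concat"):
            if any(a in tainted for a in args):
                tainted.add(dest)     # taint propagates through the operands
            else:
                tainted.discard(dest)
        elif op == "sink" and any(a in tainted for a in args):
            findings.add((block, idx, args[0]))
    return tainted

def find_tainted_sinks(cfg, entry="entry"):
    """Worklist fixpoint; taint from different paths is joined by union."""
    out = {b: set() for b in cfg}
    preds = {b: [p for p in cfg if b in cfg[p][1]] for b in cfg}
    findings, visited, work = set(), set(), [entry]
    while work:
        b = work.pop()
        in_set = set().union(*(out[p] for p in preds[b]))
        new_out = transfer(cfg[b][0], in_set, findings, b)
        if new_out != out[b] or b not in visited:
            visited.add(b)
            out[b] = new_out
            work.extend(cfg[b][1])    # re-analyse successors on change
    return sorted(findings)

if __name__ == "__main__":
    print(find_tainted_sinks(CFG))
```

The sink is reported because the sanitizer runs on only one of the two paths that reach the `join` block, so the union at the join keeps `name` tainted.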
Keywords/Search Tags: Web Application, Static Analysis, Taint-style Vulnerability, GPU