WeVerca: Web Applications Verification for PHP (Tool Paper)
Abstract
Static analysis of web applications developed in dynamic languages is a challenging yet very important task. In this paper, we present WeVerca, a framework that allows one to define static analyses of PHP applications. It supports dynamic type system, dynamic method calls, dynamic data structures, etc. These common features of dynamic languages cause implementation of static analyses to be either imprecise or overly complex. Our framework addresses this problem by defining end-user static analyses independently of value and heap analyses necessary just to resolve these features. As our results show, taint analysis defined using the framework found more real problems and reduced the number of false positives compared to existing state-of-the-art analysis tools for PHP.
Similar resources
Framework for Static Analysis of PHP Applications (Artifact)
This artifact is based on Weverca, a static analyzer framework for PHP applications. The aim of Weverca is to provide developers with a framework that would allow for an easy implementation of custom static analyses of PHP, while not coping with the dynamic language issues. The framework processes the input source code in two phases. In the first phase, the program-point graph is constructed, w...
Using Maude for the Formal Verification of Websites, Sonia Flores
In this paper we address the problem of formal verification of websites by using declarative languages. In particular, we first define a model for websites which can intuitively be specified by using Maude. The model is defined to be well suited for the formal verification of dynamic as well as static properties of the system. A website is defined as a collection of web pages which are semantically conn...
Web Application Protection with the WAP Tool
In two decades the web became a standard framework for Internet applications. This involved changing from an initially simple hypermedia access platform to a complex blob of different technologies. This complexity associated to the increasing filtering of TCP/UDP ports everywhere in the Internet, turned web applications into favourite targets for cyber-criminals. The Web Application Protection ...
Reifier: Model-Driven Engineering of Component-Based and Service-Oriented JEE Applications
This paper aims at presenting Reifier, a tool for prototyping modules of JEE applications by the means of a model-driven development. Web services are defined as parametric components which enables to express web service patterns, to verify them formally and to reuse them in other contexts. Although Reifier requires developers to implement components compliantly to a lightweight API, it provides...
Specification and Verification of Data-driven Web Services
We study data-driven Web services provided by Web sites interacting with users or applications. The Web site can access an underlying database, as well as state information updated as the interaction progresses, and receives user input. The structure and contents of Web pages, as well as the actions to be taken, are determined dynamically by querying the underlying database as well as the state and ...
Publication date: 2014