Jump to content
Nytro

RIPS - A static source code analyser for vulnerabilities in PHP scripts

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

RIPS - A static source code analyser for

vulnerabilities in PHP scripts

Johannes Dahse

Seminar Work

at

Chair for Network and Data Security

Prof. Dr. Jörg Schwenk

advised through Dominik Birk

23.08.2010

Contents
1 Introduction 1
2 Motivation 2
3 Web application security 3
3.1 Cross-Site Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.2 SQL Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.3 Other vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
4 Static source code analysis 7
4.1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.2 Model construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.3 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
4.3.1 Taint analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
4.3.2 Intraprocedural and interprocedural analysis . . . . . . . . . . . . . . . 9
4.4 Results processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
5 RIPS implementation 11
5.1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
5.2 Model construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
5.2.1 Lexical and semantic analysis . . . . . . . . . . . . . . . . . . . . . . 12
5.2.2 Parsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
5.2.3 Control flow analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.3 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.3.1 Taint analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.3.2 Intraprocedural and interprocedural analysis . . . . . . . . . . . . . . . 16
5.4 Web interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.5 Scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.6 Limitations and future work . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
6 Related work 22
7 Summary 24

Download:

http://garr.dl.sourceforge.net/project/rips-scanner/rips-paper.pdf

Sursa: Papers

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...