
Automated Security Review of PHP Web Applications with Static Code Analysis

Poel, N.L. de (2010) Automated Security Review of PHP Web Applications with Static Code Analysis. Master's Thesis / Essay, Computing Science.

INF-MA-2010-N.L._de_Poel.pdf - Published Version



Static code analysis is a class of techniques for inspecting the source code of a computer program without executing it. One specific use of static analysis is to automatically scan source code for potential security problems, reducing the need for manual code reviews. Many web applications written in PHP suffer from injection vulnerabilities, and static analysis makes it possible to track down these vulnerabilities before they are exposed on the web. In this thesis, we evaluate the current state of static analysis tools targeted at the security of PHP web applications. We define an objective benchmark consisting of both synthetic and real-world tests that we use to examine the capabilities and performance of these tools. With this information, we determine if any of these tools are suited for use in a system that automatically checks the security of web applications and rejects insecure applications before they are deployed onto a web server.
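The kind of analysis the abstract describes is taint tracking: untrusted input (a source) is followed through assignments until it reaches a dangerous function (a sink), and a finding is reported unless a sanitizer appropriate for that sink was applied on the way. The example below is added here to make that concrete; it is not code from the thesis or from any of the tools it evaluates. It is a deliberately small, straight-line taint analyser over a PHP subset, with the source, sanitizer and sink tables and the sample PHP file all constructed for the illustration. The point it demonstrates, which synthetic benchmark cases typically probe, is that sanitization is sink-specific: a value escaped for SQL is still unsafe to echo into HTML.

```python
import re

# Threat classes a tainted value can still be dangerous for.
SQLI, XSS, CMDI = "sqli", "xss", "cmdi"
ALL_CLASSES = frozenset({SQLI, XSS, CMDI})

# Untrusted input sources (assumed table): any read of these is fully tainted.
SOURCES = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}

# Sanitizers and the threat class(es) each one neutralises (assumed table).
# A sanitizer for one sink says nothing about another sink.
SANITIZERS = {
    "mysql_real_escape_string": {SQLI},
    "htmlspecialchars": {XSS},
    "escapeshellarg": {CMDI},
    "intval": ALL_CLASSES,
}

# Sinks and the threat class that matters at each one (assumed table).
SINKS = {
    "mysql_query": SQLI,
    "echo": XSS, "print": XSS,
    "system": CMDI, "exec": CMDI, "shell_exec": CMDI, "passthru": CMDI,
}

CALL_RE = re.compile(r"([A-Za-z_]\w*)\s*\(")
VAR_RE = re.compile(r"\$[A-Za-z_]\w*")
ASSIGN_RE = re.compile(r"^(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.+)$")
ECHO_RE = re.compile(r"^(echo|print)\s+(.+)$")


def _call_body(text, open_paren):
    """Return (argument text, index after ')') for the call whose '(' is at open_paren."""
    depth, j = 0, open_paren
    while j < len(text):
        depth += {"(": 1, ")": -1}.get(text[j], 0)
        j += 1
        if depth == 0:
            return text[open_paren + 1:j - 1], j
    return text[open_paren + 1:], len(text)  # unbalanced: take the rest


def expr_taint(expr, env):
    """Threat classes still live in `expr`, given the taint of the variables in `env`.

    Variables inside string literals count as interpolated (true for double-quoted
    PHP strings; an over-approximation for single-quoted ones).
    """
    taint = set()
    i = 0
    while i < len(expr):
        call = CALL_RE.match(expr, i)
        if call:
            inner, i = _call_body(expr, call.end() - 1)
            # A sanitizer strips its classes; any other call passes taint through.
            taint |= expr_taint(inner, env) - SANITIZERS.get(call.group(1), set())
            continue
        var = VAR_RE.match(expr, i)
        if var:
            name = var.group(0)
            taint |= ALL_CLASSES if name in SOURCES else env.get(name, set())
            i = var.end()
            continue
        i += 1
    return taint


def _check_sink(lineno, sink, args, env, findings):
    cls = SINKS[sink]
    if cls in expr_taint(args, env):
        findings.append((lineno, sink, cls))


def analyse(php_source):
    """Straight-line taint analysis over one PHP file; returns (line, sink, class) findings.

    One statement per line is assumed; branches, loops, user functions and includes
    are not modelled, which is exactly what a real tool has to add on top of this.
    """
    env, findings = {}, []
    for lineno, raw in enumerate(php_source.splitlines(), start=1):
        stmt = raw.strip().rstrip(";").strip()
        if not stmt or stmt.startswith(("<?", "?>", "//", "#")):
            continue
        m = ECHO_RE.match(stmt)  # echo/print are language constructs, not calls
        if m:
            _check_sink(lineno, m.group(1), m.group(2), env, findings)
        for call in CALL_RE.finditer(stmt):  # function-call sinks anywhere in the statement
            if call.group(1) in SINKS:
                args, _ = _call_body(stmt, call.end() - 1)
                _check_sink(lineno, call.group(1), args, env, findings)
        m = ASSIGN_RE.match(stmt)  # assignments propagate taint to the variable
        if m:
            env[m.group(1)] = expr_taint(m.group(2), env)
    return findings


# Constructed sample input: a synthetic test case mixing safe and unsafe flows.
PHP_SAMPLE = """<?php
$id = $_GET['id'];
$safe_id = mysql_real_escape_string($id);
$name = htmlspecialchars($_POST['name']);
$r1 = mysql_query("SELECT * FROM users WHERE id = $id");
$r2 = mysql_query("SELECT * FROM users WHERE id = '$safe_id'");
echo "Hello " . $name;
echo "Welcome back, " . $safe_id;
$page = intval($_GET['page']);
mysql_query("SELECT * FROM posts LIMIT $page");
system("ls " . escapeshellarg($_GET['dir']));
system("ls " . $_GET['dir']);
"""

if __name__ == "__main__":
    for lineno, sink, cls in analyse(PHP_SAMPLE):
        print(f"line {lineno}: {cls} via {sink}()")
```

Running it on the sample reports three findings: the unescaped `$id` in the first query (SQL injection), the SQL-escaped `$safe_id` echoed into the page (XSS, because `mysql_real_escape_string` does nothing for HTML context) and the raw `$_GET['dir']` passed to `system` (command injection), while the escaped, cast and HTML-encoded flows stay quiet. Real-world PHP adds control flow, user-defined functions, `include` files, arrays and dynamic calls, and a tool's handling of each of those is what a benchmark of synthetic and real-world tests has to measure.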

Item Type: Thesis (Master's Thesis / Essay)
Degree programme: Computing Science
Thesis type: Master's Thesis / Essay
Language: English
Date Deposited: 15 Feb 2018 07:31
Last Modified: 15 Feb 2018 07:31
