THAPS: Automated vulnerability scanning of PHP applications


Abstract

In this paper we describe the THAPS vulnerability scanner for PHP web applications. THAPS is based on symbolic execution of PHP with specialised support for scanning extensions and plug-ins of larger application frameworks. We further show how THAPS can integrate the results of dynamic analyses, generated by a customised web crawler, into the static analysis. This enables analysis of frequently used advanced dynamic features such as dynamic code loading and reflection. To the best of our knowledge, THAPS is the first tool to apply this approach and the first tool with specific support for the analysis of plug-ins. In order to verify our approach, we have scanned 375 WordPress plug-ins and a commercial (monolithic) web application, resulting in 68 and 28 confirmed vulnerabilities respectively. © 2012 Springer-Verlag.

Citation (APA)

Jensen, T., Pedersen, H., Olesen, M. C., & Hansen, R. R. (2012). THAPS: Automated vulnerability scanning of PHP applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7617 LNCS, pp. 31–46). https://doi.org/10.1007/978-3-642-34210-3_3
