Charles Explorer logo
🇨🇿

WeVerca: Web Applications Verification for PHP

Publikace na Matematicko-fyzikální fakulta |
2014

Tento text není v aktuálním jazyce dostupný. Zobrazuje se verze "en".Abstrakt

Static analysis of web applications developed in dynamic languages is a challenging yet very important task. In this paper, we present WeVerca, a framework that allows one to define static analyses of PHP applications.

It supports dynamic type system, dynamic method calls, dynamic data structures, etc. These common features of dynamic languages cause implementation of static analyses to be either imprecise or overly complex.

Our framework addresses this problem by defining end-user static analyses independently of value and heap analyses necessary just to resolve these features. As our results show, taint analysis defined using the framework found more real problems and reduced the number of false positives comparing to existing state-of-the-art analysis tools for PHP.