This report presents THAPS, a vulnerability scanning tool for PHP web applications. The tool explores two new ways of analyzing web applications by extending the traditional static analysis with a model analysis, and by combining the static analysis with a dynamic analysis.
The extended static analysis allows the tool to analyze the extensions of modular systems, such asWordPress and TYPO3,without having to analyze the core system. The combined approach allows for analyzing custom built application with few entry points. The problem with these types of applications is that they cannot be modeled and analyzed in bits, and they are too large to analyze in a single analysis. Using the combination approach the tool can split the code to analyze in bits and still give results. This also allows for analyzing newly added features to these systems as well.
The result of the project is 30 new confirmed vulnerabilities, 29 inWordPress modules and one in a core TYPO3 extension. Additionally it has been used to identify 33 vulnerabilities in a newly established company’s web application.More
This report presents an analysis of: Common web application vulnerabilities, a number of techniques to detect vulnerabilities, and tools based on those techniques.
The vulnerabilities are analyzed with regards to their nature, what damage they can cause, and how they can be prevented in web applications. The technique analysis discusses different approaches that can be taken in order to detect vulnerabilities in web applications. Finally 13 tools have been tested and compared against three real web applications and a test application, and the four tools that gave the best results have been tested further to identify their properties.
The result of the analysis is a proposal of a tool that addresses the shortcomings of the analyzed tools. The tool is targeted web application developers to be used during and after development to test the application for common vulnerabilitiesMore