PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks

Executive Summary

Web applications are increasingly popular victims of security attacks. Injection attacks, such as Cross-Site Scripting or SQL Injection, are a persistent problem. Even though developers are aware of them, the suggested best practices for protection are error-prone: unless all user input is consistently filtered, any application may be vulnerable. When hosting web applications, administrators face a dilemma: they can either deploy only applications that are trusted or risk their system's security. To prevent injection vulnerabilities, the authors introduce PHP Aspis: a source code transformation tool that applies partial taint tracking at the language level.

  • Format: PDF
  • Size: 247.4 KB