Static Analysis for Detecting Taint-Style Vulnerabilities in Web Applications
The number and importance of web applications have increased rapidly in recent years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, the authors address the problem of vulnerable web applications by means of static source code analysis. More precisely, the authors use flow-sensitive, inter-procedural and context-sensitive data flow analysis to discover vulnerable points in a program. In addition to the taint analysis at the core of the engine, they employ a precise alias analysis targeted at the unique reference semantics commonly found in scripting languages.
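
An added illustration, not code from the paper: a toy flow-sensitive taint tracker showing why a taint analysis for a language with reference semantics needs alias information. The statement names (`source`, `ref`, `sanitize`, `sink`, ...) and the sample program are assumptions made for this example, which is intra-procedural and models only must-aliases.

```python
# Added illustration (not the paper's algorithm): toy flow-sensitive taint
# tracking over a constructed straight-line program with reference aliases.

def analyze(program, track_aliases=True):
    """Return the 1-based statement numbers of sinks that receive tainted data."""
    tainted = set()   # names currently holding untrusted data
    group = {}        # name -> shared set of names bound to the same storage
    findings = []

    def names(var):
        # Every name that refers to the same storage as var.
        return group.get(var, {var}) if track_aliases else {var}

    def write(var, is_tainted):
        # A write through one name is visible through all of its aliases.
        for n in names(var):
            (tainted.add if is_tainted else tainted.discard)(n)

    for lineno, (op, *args) in enumerate(program, start=1):
        if op == "source":                 # x = untrusted input
            write(args[0], True)
        elif op in ("const", "sanitize"):  # x = literal / x = sanitize(y)
            write(args[0], False)
        elif op == "assign":               # x = y (value copy)
            write(args[0], args[1] in tainted)
        elif op == "ref":                  # x = &y (x becomes an alias of y)
            dst, src = args
            if track_aliases:
                if dst in group:
                    group[dst].discard(dst)    # leave the previous alias group
                group.setdefault(src, {src}).add(dst)
                group[dst] = group[src]
            (tainted.add if src in tainted else tainted.discard)(dst)
        elif op == "sink" and args[0] in tainted:
            findings.append(lineno)
    return findings

# Constructed sample program (hypothetical statement names).
PROGRAM = [
    ("const", "a"),          # 1: a = 'static'
    ("ref", "b", "a"),       # 2: b = &a
    ("source", "b"),         # 3: b = untrusted input, which also overwrites a
    ("sink", "a"),           # 4: tainted via the alias
    ("sanitize", "a", "a"),  # 5: a = sanitize(a), which also cleans b
    ("sink", "b"),           # 6: clean via the alias
]

if __name__ == "__main__":
    print(analyze(PROGRAM), analyze(PROGRAM, track_aliases=False))
```

With alias tracking the analysis reports statement 4 only; without it, the same program yields a missed finding at statement 4 and a false alarm at statement 6.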