Automatically Hardening Web Applications
Developing secure web applications is a difficult task even for expert programmers. The simple and natural ways of creating a web application are prone to SQL injection attacks and cross-site scripting attacks as well as other less common vulnerabilities. In response, many tools have been developed for detecting or mitigating common web application vulnerabilities. Unfortunately, existing techniques either require effort from the site developer or are prone to false positives.
The PHPrevent project seeks to provide a fully automated approach to securely hardening web applications. It is based on enhancing traditional taint mode analysis by precisely tracking taintedness of data and checking specifically for dangerous content only in the parts of commands and output that came from untrustworthy sources. Unlike previous work, in which everything derived from tainted input is tainted, our approach precisely tracks taintedness within data values. This enables us to precisely check and filter for malicious inputs and dramatically reduce the rate of false positives.
While the concept of precise tainting is applicable to many environments, we have chosen to focus on PHP due to its growing market acceptance (PHP is currently installed with 50% of all Apache servers).
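To illustrate the difference between coarse and precise tainting described above, here is a small added example written for this page in Python rather than PHP; it is not PHPrevent's code, and its `TStr` type, the `SQL_META` token list and the sample usernames are illustrative constructions, not the paper's actual policy. A coarse check rejects any query that contains untrusted bytes, while the precise check inspects only the tainted characters for SQL metacharacters:

```python
# Added example (not PHPrevent's code): per-character taint tracking, so a
# policy can inspect only the bytes of a SQL command that came from the request.
from dataclasses import dataclass

@dataclass
class TStr:
    """A string plus one taint flag per character (True = untrusted)."""
    text: str
    taint: list

    @classmethod
    def trusted(cls, s):    # program literal, e.g. a query template
        return cls(s, [False] * len(s))

    @classmethod
    def untrusted(cls, s):  # value read from the request (constructed here)
        return cls(s, [True] * len(s))

    def __add__(self, other):  # concatenation keeps the per-char flags aligned
        return TStr(self.text + other.text, self.taint + other.taint)

def tainted_spans(ts):
    """Return the maximal runs of tainted characters as (start, end) pairs."""
    spans, start = [], None
    for i, flag in enumerate(ts.taint + [False]):
        if flag and start is None:
            start = i
        elif not flag and start is not None:
            spans.append((start, i))
            start = None
    return spans

def coarse_check(ts):
    """Traditional taint mode: any tainted byte in a command is a violation."""
    return ["tainted data reached SQL"] if any(ts.taint) else []

# Simplified illustrative policy (not the paper's exact rule set): untrusted
# bytes may not carry SQL string delimiters, separators or comment markers.
SQL_META = ("'", '"', ";", "--", "/*")

def precise_check(ts):
    """Check only the tainted regions of the command for SQL metacharacters."""
    return [f"{tok!r} in untrusted input {ts.text[s:e]!r}"
            for s, e in tainted_spans(ts) for tok in SQL_META
            if tok in ts.text[s:e]]

def build_query(username):
    """The natural string-concatenation query the page warns about, as a TStr."""
    return (TStr.trusted("SELECT * FROM users WHERE name = '")
            + TStr.untrusted(username) + TStr.trusted("'"))
```

With a benign username the coarse check still fires (the false positive the page refers to), while the precise check passes it and flags only inputs whose tainted bytes carry a quote or comment marker.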
- Salvatore Guarnieri
- Jeffrey Shirley
- Doug Greene
- Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans.
- Twentieth IFIP International Information Security Conference (SEC 2005).
- 30 May - 1 June 2005, Chiba, Japan. (PDF, 12 pages)
Automatically Hardening Web Applications Using Precise Tainting (PPT)
- (Salvatore Guarnieri). IFIP Security 2005, Chiba, Japan, June 1, 2005.
Related Projects by the PIs
- Genesis: Security through Diversity
- IPA — Inexpensive Program Analysis
- Physicrypt — Physical Cryptography and Security Group
- Swarm Computing
The source code is available for download to researchers. Please contact firstname.lastname@example.org for information.