Abstract. With the increasing global accessibility of web applications, maintaining a reasonable level of security for both user data and server resources has become an extremely challenging issue. Security review has therefore gained significant prominence, and since manual source code review can consume a great deal of time and money, automated static code analysis tools can help developers minimize both. In this thesis, a new static analysis model is proposed to detect potential security flaws in PHP 5.3 source code; it is implemented in Java and outputs its reports in HTML format. It is designed to detect most known taint-style security vulnerabilities, i.e. flows of untrusted input (sources) into sensitive operations (sinks) that are not interrupted by an adequate sanitizer. The empirical results show that the proposed system is feasible and able to contribute to the security of real-world web applications. The proposed prototype detected 94% of the security vulnerabilities present in the testing benchmarks, which indicates the accuracy and robustness of the proposed model.
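As an added illustration (this is not the thesis's own analyzer, which is written in Java and not reproduced on this page), the Python below shows what a taint-style check of the kind the abstract describes does on a constructed PHP 5.3 snippet: user-controlled superglobals are sources, database, output and eval calls are sinks, and each sanitizer clears only the vulnerability class it actually neutralises, so a value escaped for SQL is still reported when it reaches `echo`. The source, sink and sanitizer tables, the class names and the sample PHP are assumptions made for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# Vulnerability classes the toy tracker knows about (assumed names).
SQLI, XSS, RCE = "sqli", "xss", "rce"
ALL_CLASSES = frozenset({SQLI, XSS, RCE})

# Taint sources: user-controlled superglobals taint a value for every class.
SOURCES = {"$_GET", "$_POST", "$_COOKIE", "$_REQUEST"}
# Sinks: calling one with data still tainted for its class is a finding.
SINKS = {"mysql_query": SQLI, "echo": XSS, "print": XSS, "eval": RCE, "system": RCE}
# Sanitizers: each removes only the class it really neutralises.
SANITIZERS = {
    "mysql_real_escape_string": {SQLI},
    "htmlspecialchars": {XSS},
    "intval": set(ALL_CLASSES),  # result is an integer, safe for every sink
}

VAR_RE = re.compile(r"\$[A-Za-z_]\w*")
INNER_CALL_RE = re.compile(r"(\w+)\s*\(([^()]*)\)")  # innermost call only
ASSIGN_RE = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=\s*(.*?)\s*;\s*$")
ECHO_RE = re.compile(r"^\s*(echo|print)\s+(.*?)\s*;\s*$")

Finding = Tuple[int, str, str]  # (line number, sink, vulnerability class)

# Constructed PHP 5.3 sample (not taken from the thesis benchmarks).
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$name = htmlspecialchars($_POST['name']);
$q = "SELECT * FROM users WHERE id = " . $id;
$r = mysql_query($q);
echo $name;
echo $_COOKIE['theme'];
$safe_id = mysql_real_escape_string($id);
mysql_query("SELECT * FROM t WHERE id = '" . $safe_id . "'");
echo "Hello " . $safe_id;
mysql_query("SELECT * FROM t WHERE id = " . intval($_GET['id']));
eval($_REQUEST['code']);
"""


def vars_taint(expr: str, env: Dict[str, Set[str]]) -> Set[str]:
    """Union of the taint carried by every variable referenced in `expr`."""
    taint: Set[str] = set()
    for var in VAR_RE.findall(expr):
        taint |= ALL_CLASSES if var in SOURCES else env.get(var, set())
    return taint


def fold_calls(expr: str, env: Dict[str, Set[str]], lineno: int,
               findings: List[Finding]) -> Set[str]:
    """Taint of `expr`; innermost calls are folded into temporaries first,
    so sanitizers and sinks nested inside concatenations are both honoured."""
    local = dict(env)
    tmp_id = 0
    while True:
        m = INNER_CALL_RE.search(expr)
        if not m:
            return vars_taint(expr, local)
        fn, arg = m.group(1), m.group(2)
        taint = vars_taint(arg, local)
        if fn in SANITIZERS:
            taint = taint - SANITIZERS[fn]
        elif fn in SINKS and SINKS[fn] in taint:
            findings.append((lineno, fn, SINKS[fn]))
        # Unknown functions propagate taint unchanged (the conservative choice).
        tmp = f"$__call{tmp_id}"
        tmp_id += 1
        local[tmp] = taint
        expr = expr[:m.start()] + tmp + expr[m.end():]


def analyze(php_source: str) -> List[Finding]:
    """Line-by-line, intraprocedural taint pass over straight-line PHP."""
    env: Dict[str, Set[str]] = {}
    findings: List[Finding] = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        stmt = line.strip()
        if not stmt or stmt.startswith("<?php") or stmt.startswith("//"):
            continue
        echo = ECHO_RE.match(stmt)
        if echo:  # echo/print take no parentheses; rewrite them as calls
            stmt = f"{echo.group(1)}({echo.group(2)});"
        assign = ASSIGN_RE.match(stmt)
        if assign:
            env[assign.group(1)] = fold_calls(assign.group(2), env, lineno, findings)
        else:
            fold_calls(stmt.rstrip(";"), env, lineno, findings)
    return findings


if __name__ == "__main__":
    for lineno, sink, cls in analyze(SAMPLE_PHP):
        print(f"line {lineno}: tainted data reaches {sink}() -> {cls}")
```

On the sample this reports the unescaped `mysql_query($q)` on line 5, the raw cookie echoed on line 7, the SQL-escaped but HTML-unescaped `$safe_id` echoed on line 10, and the `eval` on line 12, while the `htmlspecialchars`, `mysql_real_escape_string` and `intval` flows are accepted. A real analyzer of the kind the thesis describes works on a parsed AST with control flow and interprocedural propagation; this regex version is limited to straight-line code and argument text without nested parentheses, which is enough to show how sources, sinks and class-specific sanitizers interact.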