
Use this identifier to reference this record: http://hdl.handle.net/10314/3243

Title: phpSAFE: A Security Analysis Tool for OOP Web Application Plugins
Authors: Nunes, Paulo
Fonseca, José Carlos
Keywords: Static analysis
Web application plugins
Security
Vulnerabilities
Date: Jun-2015
Abstract: There is nowadays increasing pressure to develop complex web applications at a fast pace. The vast majority are built using frameworks based on third-party server-side plugins that allow developers to easily add new features. However, as many plugin developers have limited programming skills, security vulnerabilities related to their use are widespread. Best practices advise the use of systematic code review to assure security, but free tools do not support OOP, which is how most web applications are currently developed. To address this problem we propose phpSAFE, a static code analyzer that identifies vulnerabilities in PHP plugins developed using OOP. We evaluate phpSAFE against two well-known tools using 35 plugins for a widely used CMS. Results show that phpSAFE clearly outperforms the other tools, and that plugins are being shipped with a considerable number of vulnerabilities, which tends to increase over time.
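The abstract describes phpSAFE as a static analyzer that finds vulnerabilities in PHP plugins written in an object-oriented style. The script below is an added illustration of the core idea behind such a tool, not phpSAFE's own code or its algorithm: a deliberately small taint scanner that treats the request superglobals as sources, `echo`/`print` and `query(...)` calls as sinks, a handful of well-known functions as sanitizers, and, the OOP-specific part, keeps taint on `$this->` properties across methods while discarding method locals. The `SearchWidget` plugin it scans, and the source/sink/sanitizer lists, are constructed for this example.

```python
import re

# Attacker-controlled inputs and the two vulnerability classes tracked here.
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")
SANITIZERS = {
    "xss":  ("htmlspecialchars", "htmlentities", "intval"),
    "sqli": ("mysqli_real_escape_string", "addslashes", "intval"),
}
SINKS = {
    "xss":  re.compile(r"^\s*(?:echo|print)\b(.*)$"),
    "sqli": re.compile(r"\b(?:mysql_query|mysqli_query|query)\s*\((.*)\)"),
}
ASSIGN = re.compile(r"^\s*(\$this->\w+|\$\w+)\s*=(?!=)\s*(.+?);\s*$")
VAR = re.compile(r"\$this->\w+|\$\w+")
FUNC = re.compile(r"\bfunction\s+\w+\s*\(")


def taint_of(expr, tainted):
    """Return the set of vulnerability classes that `expr` can carry."""
    carried = set()
    if any(src in expr for src in SOURCES):
        carried |= set(SANITIZERS)            # raw request data: tainted for everything
    for var in VAR.findall(expr):
        carried |= tainted.get(var, set())
    # A sanitizer wrapping the whole expression neutralises only its own class:
    # htmlspecialchars() stops XSS but leaves the value usable for SQL injection.
    head = expr.lstrip()
    for cls, fns in SANITIZERS.items():
        if any(head.startswith(fn + "(") for fn in fns):
            carried.discard(cls)
    return carried


def analyze(php_source):
    """Line-by-line taint scan of one PHP class; returns (line, class, text) findings."""
    tainted = {}   # "$name" or "$this->prop" -> classes of taint it carries
    findings = []
    for lineno, raw in enumerate(php_source.splitlines(), 1):
        line = raw.split("//", 1)[0]      # drop trailing comments (sample has no "//" in strings)
        if FUNC.search(line):
            # Entering a new method: locals go out of scope, object state ($this->...)
            # set in an earlier method (e.g. the constructor) is still live.
            tainted = {v: c for v, c in tainted.items() if v.startswith("$this->")}
        m = ASSIGN.match(line)
        if m:
            lhs, rhs = m.groups()
            carried = taint_of(rhs, tainted)
            if carried:
                tainted[lhs] = carried
            else:
                tainted.pop(lhs, None)        # a clean reassignment clears earlier taint
        for cls, sink in SINKS.items():
            s = sink.search(line)
            if s and cls in taint_of(s.group(1), tainted):
                findings.append((lineno, cls, raw.strip()))
    return findings


# Constructed sample plugin (not from the paper): the constructor stores request
# data in a property, and two later methods use that property unsafely.
PLUGIN = """<?php
class SearchWidget {
    private $term;
    private $id;
    public function __construct() {
        $this->term = $_GET['q'];           // source stored in a property
        $this->id   = intval($_POST['id']); // sanitised before storing
    }
    public function render() {
        $safe = htmlspecialchars($this->term);
        echo "<h2>" . $safe . "</h2>";      // clean
        echo "<p>" . $this->term . "</p>";  // XSS: property still tainted
    }
    public function load($db) {
        $sql = "SELECT * FROM posts WHERE id = " . $this->id;
        return $db->query($sql);            // clean: intval() applied at store time
    }
    public function search($db) {
        $sql = "SELECT * FROM posts WHERE title LIKE '%" . $this->term . "%'";
        return $db->query($sql);            // SQLi: tainted property reaches the query
    }
}
"""

if __name__ == "__main__":
    for lineno, cls, text in analyze(PLUGIN):
        print(f"line {lineno}: {cls.upper()} sink reached by tainted data: {text}")
```

The point the example makes is the one the abstract raises: a scanner that only tracks variables inside a single function never sees the flow from `__construct()` into `render()` and `search()`, because the data travels through `$this->term`. Treating properties as state that outlives the method, and keeping per-class taint so that `htmlspecialchars()` does not count as protection against SQL injection, is the minimum an OOP-aware analysis needs; a real tool would work on a parsed AST rather than regexes over lines.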
URI: http://hdl.handle.net/10314/3243
Appears in Collections: International Conference Proceedings Papers (ESTG)

Files in This Item:

File                                   Description   Size     Format
Ata Cientifica_josecarlosfonseca.pdf                 291 KB   Adobe PDF