• Home

  • Documents

  • Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of...
40
Static Detection of Second-Order Vulnerabilities in Web Applications Johannes Dahse and Thorsten Holz Ruhr-University Bochum USENIX Security ’14, 20-22 August 2014, San Diego, CA, USA

Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

  • Upload
    others

  • View
    11

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

Static Detection of Second-Order Vulnerabilities in Web Applications

Johannes Dahse and Thorsten HolzRuhr-University Bochum

USENIX Security ’14, 20-22 August 2014, San Diego, CA, USA

Page 2: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

2

„First-Order“ Vulnerabilities

<?php $name = $_POST['name']; // ', 1), (version(), 1)-- - $sql = “INSERT INTO users VALUES ('$name', '$pwd')“; mysql_query($sql);?>

● SQL injection

1. Introduction2. Implementation3. Evaluation4. Conclusion

user input

application

send!“*$()&/'\

Page 3: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

3

Sanitization

<?php $name = mysql_real_escape_string($_POST['name']); $sql = “INSERT INTO users VALUES ('$name', '$pwd')“; mysql_query($sql);?>

● SQL injection (prevented)

1. Introduction2. Implementation3. Evaluation4. Conclusion

user input

application

send!“*$()&/'\

Page 4: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

4

Second-Order Vulnerability (1)

<?php $name = mysql_real_escape_string($_POST['name']); $sql = “INSERT INTO users VALUES ('$name', '$pwd')“; mysql_query($sql);?>

● Database Write

1. Introduction2. Implementation3. Evaluation4. Conclusion

user input

application database

send

write

Page 5: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

5

Second-Order Vulnerability (2)● Database Read

1. Introduction2. Implementation3. Evaluation4. Conclusion

user input

application database

send

write

<?php $result = mysql_query('SELECT * FROM users'); $row = mysql_fetch_assoc($result); echo $row['name'];?>

read

Page 6: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

6

Multi-Step Exploit (1)

1. Introduction2. Implementation3. Evaluation4. Conclusion

database

<?php $name = $_POST['name']; // ', 'payload')-- - $sql = “INSERT INTO users VALUES ('$name', '$pwd')“; mysql_query($sql);?>

● First-Order SQL injection

user input

application

send!“*$()&/'\

Page 7: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

7

Multi-Step Exploit (1)

1. Introduction2. Implementation3. Evaluation4. Conclusion

database

write

<?php $name = $_POST['name']; // ', 'payload')-- - $sql = “INSERT INTO users VALUES ('$name', '$pwd')“; mysql_query($sql);?>

● Exploit First-Order SQL injection

user input

application

send

Page 8: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

8

Multi-Step Exploit (2)

1. Introduction2. Implementation3. Evaluation4. Conclusion

database

read

● Second-Order Command Execution

application

request

<?php $result = mysql_query('SELECT * FROM users'); $row = mysql_fetch_assoc($result); system('htpasswd -b .htpasswd Admin '.$row['pwd']);?>

Page 9: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

9

Second-Order Vulnerabilities

1. Introduction2. Implementation3. Evaluation4. Conclusion

● $_GET● $_POST● $_COOKIE● $_FILES● $_SERVER...

● Databases● File Names● $_SESSION (File Content) ...

● Cross-Site Scripting● SQL Injection● Code Execution● File Inclusion● File Disclosure ...

User input Persistent Data Store (PDS) Sensitive Sink

1. 2.

Page 10: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

10

Second-Order Vulnerabilities

1. Introduction2. Implementation3. Evaluation4. Conclusion

● $_GET● $_POST● $_COOKIE● $_FILES● $_SERVER...

● Databases● File Names● $_SESSION (File Content) ...

● Cross-Site Scripting● SQL Injection● Code Execution● File Inclusion● File Disclosure ...

User input Sensitive Sink

1. 2.

Persistent Data Store (PDS)

Page 11: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

11

Our Approach

● Static Code Analysis (no access to environment)● Analyze writes and reads to persistent data stores● Connect input and output points at the end of the analysis

to detect second-order and multi-step vulnerabilities

1. Introduction2. Implementation3. Evaluation4. Conclusion

Page 12: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

12

Source: http://rewalls.com

2. Implementation

1. Introduction2. Implementation3. Evaluation4. Conclusion

(Overview)

Page 13: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

13

1. Introduction2. Implementation3. Evaluation4. Conclusion

First-Order Taint Analysis

mysql_query('insert into users values(null, '$name', '$pwd');

$name = $_POST['name'];

Page 14: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

14

1. Introduction2. Implementation3. Evaluation4. Conclusion

First-Order Taint Analysis

mysql_query('insert into users values(null, '$name', '$pwd');

$name = $_POST['name'];

Page 15: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

15

1. Introduction2. Implementation3. Evaluation4. Conclusion

First-Order Taint Analysis

mysql_query('insert into users values(null, '$name', '$pwd');

$name = $_POST['name'];

Page 16: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

16

1. Introduction2. Implementation3. Evaluation4. Conclusion

First-Order Taint Analysis

mysql_query('insert into users values(null, '$name', '$pwd');

$name = $_POST['name'];

Vulnerability Report

POST[name]SQLi

Page 17: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

17

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint Analysis (write)

mysql_query('insert into users values(null, '$name', '$pwd');

$name = escape($_POST['name']);

id name pass

users

Page 18: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

18

1. Introduction2. Implementation3. Evaluation4. Conclusion

Multi-Step Taint Analysis (write)

mysql_query('insert into users values(null, '$name', '$pwd');

$name = $_POST['name'];

id name pass

users

Vulnerability Report

POST[name]SQLi

Page 19: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

19

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint Analysis (read)

echo('Hi ' . $res['name'] . ' !');

$res = mysql_query('select name from users');

$row = mysql_fetch_assoc($res);

PDS

*

Page 20: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

20

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint Analysis (read)

echo('Hi ' . $res['name'] . ' !');

$res = mysql_query('select name from users');

$row = mysql_fetch_assoc($res);

PDS

*

Page 21: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

21

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint Analysis (read)

echo('Hi ' . $res['name'] . ' !');

$res = mysql_query('select name from users');

$row = mysql_fetch_assoc($res);

PDS

*

Page 22: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

22

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint Analysis (read)

echo('Hi ' . $res['name'] . ' !');

$res = mysql_query('select name from users');

$row = mysql_fetch_assoc($res);

PDS

*

Temporary Vulnerability

Reportusers[name]

XSS

Page 23: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

23

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint DecisionPDS

*

Temporary Vulnerability

Reportusers[name]

XSS

id name pass

PDS'

users

Reads Writesconnect

Page 24: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

24

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint DecisionPDS

*

Temporary Vulnerability

Reportusers[name]

XSS

id name pass

PDS'

users

tainted?

Reads Writes

Page 25: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

25

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint DecisionPDS

*

Temporary Vulnerability

Reportusers[name]

XSS

id name pass

PDS'

users

sanitized?

Reads Writes

Page 26: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

26

1. Introduction2. Implementation3. Evaluation4. Conclusion

Second-Order Taint DecisionPDS

*

Temporary Vulnerability

Reportusers[name]

XSS

id name pass

PDS'

users

Second-Order Vulnerability

ReportXSS

Reads Writes

Page 27: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

27

Source: http://rewalls.com

3. Evaluation

1. Introduction2. Implementation3. Evaluation4. Conclusion

Page 28: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

28

Selected Software

● osCommerce 2.3.3.4

● HotCRP 2.61

● OpenConf 5.30

● MyBloggie 2.1.4

● NewsPro 1.1.5

● Scarf 2007-02-27

1. Introduction2. Implementation3. Evaluation4. Conclusion

Page 29: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

29

False Positive

True Positive

False Negative

PDS Usage and Coverage (first-order)

1. Introduction2. Implementation3. Evaluation4. Conclusion

Non-Taintable

Taintable '"\<>

Manually counted PDS (841)

Detected Taintable PDS

71%

6%

29%

77%

23%

PDS

Page 30: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

30

Second-Order Vulnerabilities● 159 True Positives (79%)

97% persistent XSS (database)

Missed by previous work

● 43 False Positives (21%) Root cause: Path-sensitive sanitization E.g., store only valid email

Failures in 1st step propagate to 2nd step

1. Introduction2. Implementation3. Evaluation4. Conclusion

PDS

Page 31: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

31

Multi-Step Exploits● 14 True Positives (93%)

2 based on file upload 12 based on SQLi

Missed by previous work

● 1 False Positives (7%) False positive SQLi

1. Introduction2. Implementation3. Evaluation4. Conclusion

PDS

Page 32: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

32

Second-Order LFI in OpenConf

1. Introduction2. Implementation3. Evaluation4. Conclusion

$r = mysql_query("select setting, value from " . OCC_TABLE_CONFIG);while ($l = mysql_fetch_assoc($r)) { $config[$l['setting']] = $l['value'];}

function printHeader($what, $function="0") { require $GLOBALS['pfx'] . $GLOBALS['config']['OC_headerFile'];}

PDS

Page 33: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

33

Second-Order LFI in OpenConf

1. Introduction2. Implementation3. Evaluation4. Conclusion

$r = mysql_query("select setting, value from " . OCC_TABLE_CONFIG);while ($l = mysql_fetch_assoc($r)) { $config[$l['setting']] = $l['value'];}

function printHeader($what, $function="0") { require $GLOBALS['pfx'] . $GLOBALS['config']['OC_headerFile'];}

PDS

Page 34: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

34

Second-Order LFI in OpenConf

1. Introduction2. Implementation3. Evaluation4. Conclusion

$r = mysql_query("select setting, value from " . OCC_TABLE_CONFIG);while ($l = mysql_fetch_assoc($r)) { $config[$l['setting']] = $l['value'];}

function printHeader($what, $function="0") { require $GLOBALS['pfx'] . $GLOBALS['config']['OC_headerFile'];}

function updateConfigSetting($setting, $value) { ocsql_query("UPDATE `" . OCC_TABLE_CONFIG . "` SET `value`=' " . safeSQLstr(trim($value)) . " ' WHERE `setting`='" . safeSQLstr($setting) . " ' ");}

foreach (array_keys($_POST) as $p) { if (preg_match("/^OC_[\w-]+$/", $p)) { updateConfigSetting($p, $_POST[$p]); }}

PDS

PDS

Page 35: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

35

Multi-Step Exploitation in OpenConf

1. Introduction2. Implementation3. Evaluation4. Conclusion

/data/papers/1.pdf

1. upload

2. escalate

3. reconfigure OC_headerFile

4. included

SQLi or XSS

Remote Command Execution

All issues are fixed in version 5.31 and 6.01

File Upload

Second-Order LFI

Page 36: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

36

Source: http://rewalls.com

4. Conclusion

1. Introduction2. Implementation3. Evaluation4. Conclusion

Page 37: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

37

Conclusion● Static detection of second-order vulnerabilities is possible

Analyze and collect reads/writes to PDS (database, file names, session data) Determine sensitive data flow at the end of analysis

● > 150 new vulnerabilities Leading to RCE in NewsPro, Scarf, OpenConf, osCommerce Overlooked problem in practice, missed in previous work

● Future work Support prepared statements Improve SQL parser

1. Introduction2. Implementation3. Evaluation4. Conclusion

Page 38: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

38

Thank you Facebookfor the generous award

1. Introduction2. Implementation3. Evaluation4. Conclusion

Page 39: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

39

[email protected]

1. Introduction2. Implementation3. Evaluation4. Conclusion

Page 40: Static Detection of Second-Order Vulnerabilities in Web ... · 37 Conclusion Static detection of second-order vulnerabilities is possible Analyze and collect reads/writes to PDS (database,

40

Thank you! Enjoy the conference.


Static Detection of DoS Vulnerabilities in Programs that use ...isil/redos.pdfregular expression by providing a carefully-crafted input string that trig-gers worst-case behavior of

Static Detection of DoS Vulnerabilities in Programs that use ...isil/redos.pdfregular expression by providing a carefully-crafted input string that trig-gers worst-case behavior of

Documents
Detecting and Removing Web Application Vulnerabilities ...awap.sourceforge.net/papers/WAP_IEEE_TR_Mar2016.pdf · Detecting and Removing Web Application Vulnerabilities with Static

Detecting and Removing Web Application Vulnerabilities ...awap.sourceforge.net/papers/WAP_IEEE_TR_Mar2016.pdf · Detecting and Removing Web Application Vulnerabilities with Static

Documents
Deadlock Detection Nov 26, 2012 CS 8803 FPL 1. Part I Static Deadlock Detection Reference: Effective Static Deadlock Detection [ICSE’09]

Deadlock Detection Nov 26, 2012 CS 8803 FPL 1. Part I Static Deadlock Detection Reference: Effective Static Deadlock Detection [ICSE’09]

Documents
Automated Detection of HPP Vulnerabilities in Web Applications

Automated Detection of HPP Vulnerabilities in Web Applications

Documents
A Study on Dynamic Detection of Web Application Vulnerabilities

A Study on Dynamic Detection of Web Application Vulnerabilities

Technology
Securing WebApps – A Survey of Vulnerabilities & Static Analysis Tools Lewis Sykalski

Securing WebApps – A Survey of Vulnerabilities & Static Analysis Tools Lewis Sykalski

Documents
Static detection of complex vulnerabilities in modern PHP

Static detection of complex vulnerabilities in modern PHP

Documents
Static Detection of Web Application Vulnerabilities

Static Detection of Web Application Vulnerabilities

Documents
Detection of Software Vulnerabilities: Static Analysis ... · Bounded Model Checking • Bounded model checkers explore the state space in depth • Can only prove correctness if

Detection of Software Vulnerabilities: Static Analysis ... · Bounded Model Checking • Bounded model checkers explore the state space in depth • Can only prove correctness if

Documents
File Uploaders Vulnerabilities - soroush.secproject.comsoroush.secproject.com/downloadable/File in the hole!.pdf · File Uploaders Vulnerabilities ... Request Body Detection File

File Uploaders Vulnerabilities - soroush.secproject.comsoroush.secproject.com/downloadable/File in the hole!.pdf · File Uploaders Vulnerabilities ... Request Body Detection File

Documents
Detection & prevention of vulnerabilities in web applications · 2020. 3. 20. · vulnerabilities. 1.1 Common Web Application Vulnerabilities The risk of web application vulnerabilities

Detection & prevention of vulnerabilities in web applications · 2020. 3. 20. · vulnerabilities. 1.1 Common Web Application Vulnerabilities The risk of web application vulnerabilities

Documents
Automated Detection of Software Bugs and Vulnerabilities in Linux

Automated Detection of Software Bugs and Vulnerabilities in Linux

Technology
Side Channel Vulnerabilities on the Web - Detection … 3 Agenda Background Side channel vulnerabilities on the Web Timing Side Channels Detection Attack Prevention Storage Side Channels

Side Channel Vulnerabilities on the Web - Detection … 3 Agenda Background Side channel vulnerabilities on the Web Timing Side Channels Detection Attack Prevention Storage Side Channels

Documents
Implementation Vulnerabilities and Detection - Paper

Implementation Vulnerabilities and Detection - Paper

Documents
Hardware Vulnerabilities - University of Cincinnatigauss.ececs.uc.edu/Courses/c6056/pdf/hardware.pdf · Hardware Vulnerabilities Trojan Detection Destructive detection A sample of

Hardware Vulnerabilities - University of Cincinnatigauss.ececs.uc.edu/Courses/c6056/pdf/hardware.pdf · Hardware Vulnerabilities Trojan Detection Destructive detection A sample of

Documents
Static Race Detection

Static Race Detection

Documents
Preventing Software Vulnerabilities by Static Verification and Run Time Checking

Preventing Software Vulnerabilities by Static Verification and Run Time Checking

Documents
Effective Static Deadlock Detection

Effective Static Deadlock Detection

Documents
RIPS: A static source code analyser for vulnerabilities in …holisticinfosec.org/toolsmith/pdf/july2011.pdf ·  · 2015-08-17... A static source code analyser for vulnerabilities

RIPS: A static source code analyser for vulnerabilities in …holisticinfosec.org/toolsmith/pdf/july2011.pdf ·  · 2015-08-17... A static source code analyser for vulnerabilities

Documents
Precise Detection of Side-Channel Vulnerabilities using ... · Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic Jia Chen University of Texas

Precise Detection of Side-Channel Vulnerabilities using ... · Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic Jia Chen University of Texas

Documents
Static Detection of Access Control Vulnerabilities in Web ...€¦ · "IT Security for the Next Generation", American Cup Vulnerability Detector Vuls Inputs (source code, entry points,

Static Detection of Access Control Vulnerabilities in Web ...€¦ · "IT Security for the Next Generation", American Cup Vulnerability Detector Vuls Inputs (source code, entry points,

Documents
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities

Documents
Static Detection of Access Control Vulnerabilities in Web ...web.cs.ucdavis.edu/~su/publications/security11.pdf · constructs sitemaps for different roles in a web applica-tion, compares

Static Detection of Access Control Vulnerabilities in Web ...web.cs.ucdavis.edu/~su/publications/security11.pdf · constructs sitemaps for different roles in a web applica-tion, compares

Documents
Static Detection of DoS Vulnerabilities in Programs that use ...mheule/publications/evil-regexes.pdfton (NFA) and perform backtracking search over all possible runs of this NFA. Although

Static Detection of DoS Vulnerabilities in Programs that use ...mheule/publications/evil-regexes.pdfton (NFA) and perform backtracking search over all possible runs of this NFA. Although

Documents
THAPS: Detection of Web Application Vulnerabilities

THAPS: Detection of Web Application Vulnerabilities

Documents
TAP: A static analysis model for PHP vulnerabilities based

TAP: A static analysis model for PHP vulnerabilities based

Documents
RIPS - A static source code analyser for vulnerabilities in PHP scripts

RIPS - A static source code analyser for vulnerabilities in PHP scripts

Documents
Detection of recurring software vulnerabilities

Detection of recurring software vulnerabilities

Documents
Precise Detection of Side-Channel Vulnerabilities using

Precise Detection of Side-Channel Vulnerabilities using

Documents
Source port vulnerabilities in .JP - static ... - DNS-OARC · Vulnerabilities suspected Heavy user exists. Vulnerabilities suspected Heavy user exists. Vulnerabilities suspected 25

Source port vulnerabilities in .JP - static ... - DNS-OARC · Vulnerabilities suspected Heavy user exists. Vulnerabilities suspected Heavy user exists. Vulnerabilities suspected 25

Documents