New PHP Interpreter Finds XSS, Injection Holes
Last updated on Sat, 06/20/2009 - 02:28
A group of researchers from MIT, Stanford, and Syracuse has developed a new program, named 'Ardilla,' which can analyze PHP code for cross-site scripting (XSS) and SQL injection attack vulnerabilities. (Here is the paper, in PDF, and a table of results from scanning six PHP applications.) Ardilla uses a modified Zend interpreter to analyze the code, trace the data, and determine whether the threat is real or not, significantly decreasing false positives.

First Appeared in Slashdot










