Proceedings paper

Title:
WeVerca: Web Applications Verification for PHP
Authors:
David Hauzar, Jan Kofroň
Publication:
Proceedings of SEFM 2014
DOI:
10.1007/978-3-319-10431-7_24
Year:
2014
ISBN:
978-3-319-10430-0
Link:
https://link.springer.com/chapter/10.1007/978-3-319-10431-7_24

Abstract:
Static analysis of web applications developed in dynamic languages is a challenging yet very important task. In this paper, we present WeVerca, a framework that allows one to define static analyses of PHP applications. It supports a dynamic type system, dynamic method calls, dynamic data structures, etc. These common features of dynamic languages cause implementations of static analyses to be either imprecise or overly complex. Our framework addresses this problem by defining end-user static analyses independently of the value and heap analyses necessary just to resolve these features. As our results show, taint analysis defined using the framework found more real problems and reduced the number of false positives compared to existing state-of-the-art analysis tools for PHP.

BibTeX:
@inproceedings{hauzar_weverca_2014,
    title = {{WeVerca: Web Applications Verification for PHP}},
    author = {Hauzar, David and Kofroň, Jan},
    year = {2014},
    booktitle = {{Proceedings of SEFM 2014}},
    editor = {Giannakopoulou, Dimitra and Salaün, Gwen},
    publisher = {Springer International Publishing},
    series = {{Lecture Notes in Computer Science}},
    doi = {10.1007/978-3-319-10431-7_24},
    isbn = {978-3-319-10430-0},
    pages = {296--301},
    url = {https://link.springer.com/chapter/10.1007/978-3-319-10431-7_24},
    shorttitle = {WeVerca},
}