New PHP Interpreter Finds XSS, Injection Holes

Posted by kdawson on Friday June 19, 2009 @03:22AM from the double-edged-sword dept.

rkrishardy writes "A group of researchers from MIT, Stanford, and Syracuse has developed a new program, named 'Ardilla,' which can analyze PHP code for cross-site scripting (XSS) and SQL injection attack vulnerabilities. (Here is the paper, in PDF, and a table of results from scanning six PHP applications.) Ardilla uses a modified Zend interpreter to analyze the code, trace the data, and determine whether the threat is real or not, significantly decreasing false positives." Unfortunately, license issues prevent the tool in its current form from being released as open source.

2 of 66 comments (clear)

Min score:

Reason:

Sort:

Fixed it for you by techprophet · 2009-06-19 03:24 · Score: 4, Informative

New PHP Interpreter Finds XSS, Injection Holes
Fixed it for you.
DarkReading! by jginspace · 2009-06-19 03:58 · Score: 3, Informative

TFA is just blog spam. See source.
And I wonder, are the maintainers of schoolmate and webchess now frantically patching their code? None of the articles gives dates - although the PDF is more than 18 months old.