Slashdot Mirror

← Back to Stories (view on slashdot.org)

New PHP Interpreter Finds XSS, Injection Holes

Posted by kdawson on from the double-edged-sword dept.

rkrishardy writes "A group of researchers from MIT, Stanford, and Syracuse has developed a new program, named 'Ardilla,' which can analyze PHP code for cross-site scripting (XSS) and SQL injection attack vulnerabilities. (Here is the paper, in PDF, and a table of results from scanning six PHP applications.) Ardilla uses a modified Zend interpreter to analyze the code, trace the data, and determine whether the threat is real or not, significantly decreasing false positives." Unfortunately, license issues prevent the tool in its current form from being released as open source.

3 of 66 comments (clear)

  1. Fixed it for you by techprophet · · Score: 4, Informative

    New PHP Interpreter Finds XSS, Injection Holes

    Fixed it for you.

  2. Find X? by eldavojohn · · Score: 4, Funny

    New PHP Interpreter Findx XSS, Injection Holes

    New PHP Interpreter Finds XSS, Injection Holes

    Fixed it for you.

    Clearly the title was trying to illustrate the PHP interpreter's ability to solve the pythagorean theorem.

    --
    My work here is dung.
    1. Re:Find X? by eldavojohn · · Score: 5, Funny

      Clearly the title was trying to illustrate the PHP interpreter's ability to solve the pythagorean theorem [mit.edu].

      I don't need PHP for that! Besides, the pythagorean theorem doesn't have X, just a, b, and c.

      a^2 + b^2 = c^2

      I see you prefer short, nondescript variable names for your algorithms. I pity the person who has to maintain that bit of code. What is a? What is b? What is c?

      I ascribe to a more Knuth-y self descriptive code and prefer the Pythagorean theorem to look more like:

      sideAdjacentToRightAngle^2 + otherSideAdjacentToRightAngle^2 = sideOppositeRightAngle^2

      Or maybe I'm just being a smartass? It's so hard to tell with developers these days ...

      --
      My work here is dung.