New PHP Interpreter Finds XSS, Injection Holes 66
rkrishardy writes "A group of researchers from MIT, Stanford, and Syracuse has developed a new program, named 'Ardilla,' which can analyze PHP code for cross-site scripting (XSS) and SQL injection attack vulnerabilities. (Here is the paper, in PDF, and a table of results from scanning six PHP applications.) Ardilla uses a modified Zend interpreter to analyze the code, trace the data, and determine whether the threat is real or not, significantly decreasing false positives." Unfortunately, license issues prevent the tool in its current form from being released as open source.
Find X? (Score:4, Funny)
New PHP Interpreter Findx XSS, Injection Holes
New PHP Interpreter Finds XSS, Injection Holes
Fixed it for you.
Clearly the title was trying to illustrate the PHP interpreter's ability to solve the pythagorean theorem [mit.edu].
Not open source? (Score:1, Funny)
it probably hasn't been open sourced because it's full of security holes
Already made one (Score:3, Funny)
Re:Find X? (Score:5, Funny)
Clearly the title was trying to illustrate the PHP interpreter's ability to solve the pythagorean theorem [mit.edu].
I don't need PHP for that! Besides, the pythagorean theorem doesn't have X, just a, b, and c.
a^2 + b^2 = c^2
I see you prefer short, nondescript variable names for your algorithms. I pity the person who has to maintain that bit of code. What is a? What is b? What is c?
I ascribe to a more Knuth-y self descriptive code and prefer the Pythagorean theorem to look more like:
sideAdjacentToRightAngle^2 + otherSideAdjacentToRightAngle^2 = sideOppositeRightAngle^2
Or maybe I'm just being a smartass? It's so hard to tell with developers these days ...
You are an awful programmer (Score:2, Funny)
Re:Already made one (Score:2, Funny)
Re:Find X? (Score:4, Funny)
I ascribe to a more Knuth-y self descriptive code and prefer the Pythagorean theorem to look more like: sideAdjacentToRightAngle^2 + otherSideAdjacentToRightAngle^2 = sideOppositeRightAngle^2 Or maybe I'm just being a smartass? It's so hard to tell with developers these days ...
Would you want to stare at a wall of code with otherSideAdjacentToRightAngles and sideOppositeRightAngles and sideAdjacentToRightAngles all over the place?
You could just go all the way and call them II11011I, I1IIOI1I, and II110I1I. At least call one of them "hypotenuse", christ.
Re:Find X? (Score:3, Funny)
Magic constants?! That's dreadful! How am I supposed to know what 2 is for in that code? And, worse, what if you need to change it to something other than 2? You'd have to change it in three places. You might easily forget one and break everything.