New PHP Interpreter Finds XSS, Injection Holes - Slashdot

Slashdot

New PHP Interpreter Finds XSS, Injection Holes 66

Posted by kdawson on Friday June 19 2009, @11:22AM
from the double-edged-sword dept.

rkrishardy writes "A group of researchers from MIT, Stanford, and Syracuse has developed a new program, named 'Ardilla,' which can analyze PHP code for cross-site scripting (XSS) and SQL injection attack vulnerabilities. (Here is the paper, in PDF, and a table of results from scanning six PHP applications.) Ardilla uses a modified Zend interpreter to analyze the code, trace the data, and determine whether the threat is real or not, significantly decreasing false positives." Unfortunately, license issues prevent the tool in its current form from being released as open source.

This discussion has been archived. No new comments can be posted.

New PHP Interpreter Finds XSS, Injection Holes

Search 66 Comments Log In/Create an Account

Comments Filter:

Fixed it for you (Score:4, Informative)

by techprophet (1281752) writes: <emallson@archli[ ].us ['nux' in gap]> on Friday June 19 2009, @11:24AM (#28390519) Homepage Journal

New PHP Interpreter Finds XSS, Injection Holes
Fixed it for you.

Share
twitter facebook
DarkReading! (Score:4, Informative)

by jginspace (678908) writes: <jginspace@ y a hoo.com> on Friday June 19 2009, @11:58AM (#28390973) Homepage Journal

TFA is just blog spam. See source [darkreading.com].
And I wonder, are the maintainers of schoolmate and webchess now frantically patching their code? None of the articles gives dates - although the PDF is more than 18 months old.

Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

453 commentsYour Passwords Don't Suck — It's Your Policies
418 commentsFBI Says American Universities Infiltrated by Spies
388 commentsAdobe Introduces the Paid Security Fix
343 commentsSymantec: Religious Sites "Riskier Than Porn For Viruses"
333 commentsOsama Bin Laden Didn't Encrypt His Files

The game of life is a game of boomerangs. Our thoughts, deeds and words return to us sooner or later with astounding accuracy.