WAFA: Fine-grained dynamic analysis of web applications

Alalfi, Manar H.; Cordy, James R.; Dean, Thomas R.

doi:10.1109/wse.2009.5631226

Cited by 20 publications

(14 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Alalfi et al [7] proposed an approach based on a combination of static and dynamic information to analyze Web applications, and suggested the use of coverage metrics [8] to ensure accurate information. They applied this approach to the security analysis of WEB applications.…”

Section: A Php Application Analysismentioning

confidence: 99%

Are PHP applications ready for Hack?

Eshkevari

Santos

Cordy

et al. 2015

2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)

Self Cite

View full text Add to dashboard Cite

Abstract-PHP is by far the most popular WEB scripting language, accounting for more than 80% of existing websites. PHP is dynamically typed, which means that variables take on the type of the objects that they are assigned, and may change type as execution proceeds. While some type changes are likely not harmful, others involving function calls and global variables may be more difficult to understand and the source of many bugs. Hack, a new PHP variant endorsed by Facebook, attempts to address this problem by adding static typing to PHP variables, which limits them to a single consistent type throughout execution. This paper defines an empirical taxonomy of PHP type changes along three dimensions: the complexity or burden imposed to understand the type change; whether or not the change is potentially harmful; and the actual types changed. We apply static and dynamic analyses to three widely used WEB applications coded in PHP (WordPress, Drupal and phpBB) to investigate (1) to what extent developers really use dynamic typing, (2) what kinds of type changes are actually encountered; and (3) how difficult it might be to refactor the code to avoid type changes, and thus meet the constraints of Hack's static typing.We report evidence that dynamic typing is actually a relatively uncommon practice in production PHP programs, and that most dynamic type changes are simple representational changes, such as between strings and integers. We observe that most PHP type changes in these programs are relatively simple, and that the largest proportion of them are easy to refactor to consistent static typing using simple local renaming transformations. Overall, the paper casts doubt on the usefulness of dynamic typing in PHP, and indicates that for many production applications, conversion to Hack's static typing may not be very difficult.

show abstract

Section: A Php Application Analysismentioning

confidence: 99%

Are PHP applications ready for Hack?

Eshkevari

Santos

Cordy

et al. 2015

2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Figure 1 shows the general framework of our technique to convert the structural and behavioral models into a SecureUML security model. The work described in this paper is part of a larger toolset to analyze role-based access control which begins with automated recovery of structural and behavioral models described in detail elsewhere [5,6,7,8]. The lower left (SQL2XMI) represents our automated recovery of the structural model (represented by an ER Data Model) from the application's schema source, while the upper left (PHP2XMI, WAFA, DWASTIC) represents the automated recovery of the application's behavioral model (represented by a sequence diagram) using a combination of static and dynamic analysis.…”

Section: Running Examplementioning

confidence: 99%

“…A set of three tools, PHP2XMI [5], WAFA [8] and DWASTIC [7] is used to recover this model. First, PHP2XMI uses source transformation to instrument the This sequence diagram is then extended by WAFA, which recovers a finegrained interaction model from the application.…”

Section: Overviewmentioning

confidence: 99%

“…In this paper we use TXL [4], a source transformation tool, to transform previously recovered structural and behavioral models [5,6,7,8] to a role-based access control (RBAC) [9] model. The target model, a SecureUML [10] model expressed in XMI 2.1, can then be used to check that the desired access control properties are correctly implemented in the code.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Recovering Role-Based Access Control Security Models from Dynamic Web Applications

Alalfi

Cordy

Dean

2012

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Security of dynamic web applications is a serious issue. While Model Driven Architecture (MDA) techniques can be used to generate applications with given access control security properties, analysis of existing web applications is more problematic. In this paper we present a model transformation technique to automatically construct a role-based access control (RBAC) security model of dynamic web applications from previously recovered structural and behavioral models. The SecureUML model generated by this technique can be used to check for security properties of the original application. We demonstrate our approach by constructing an RBAC security model of PhpBB, a popular internet bulletin board system.

show abstract

“…Their experiments revealed that static analysis techniques would have been inapplicable in this context. The WAFA approach [47], by Alalfi et al, is dedicated to program comprehension. It combines static and dynamic program analysis techniques for achieving a fine-grained analysis of database interactions in web applications.…”

Section: Related Workmentioning

confidence: 99%

Database Semantics Recovery through Analysis of Dynamic SQL Statements

Cleve

Meurisse

Hainaut

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The documentation of a database includes its conceptual schema, that formalizes the semantics of the data, and its logical schema that translates the former according to an operational database model. Important engineering processes such as database and program evolution rely on a complete and accurate database documentation. In many cases, however, these schemas are missing, or, at best, incomplete and outdated. Their reconstruction, a process called database reverse engineering, requires DDL code analysis but, more important, the elicitation of implicit constructs (data structures and constraints), that is, constructs that have been incompletely translated into the operational database schema. The most powerful discovery technique of these implicit constructs is the static analysis of application program source code, and, in particular of embedded SQL statements. Unfortunately, the increasing use of dynamic SQL in business applications development makes such techniques helpless, so that modern web software systems can no longer be correctly redocumented through current reverse engineering techniques. This paper introduces and evaluates dynamic SQL capturing and analysis techniques and shows that they can replace and even improve upon pure static analysis. A real world case study is presented and discussed.

show abstract

WAFA: Fine-grained dynamic analysis of web applications

Cited by 20 publications

References 16 publications

Are PHP applications ready for Hack?

Are PHP applications ready for Hack?

Recovering Role-Based Access Control Security Models from Dynamic Web Applications

Database Semantics Recovery through Analysis of Dynamic SQL Statements

Contact Info

Product

Resources

About