Automatically Hardening Web Applications Using Precise Tainting

Many web applications are vulnerable to attacks such as SQL injection, PHP injection, and cross-site scripting. This is a major problem, and many efforts have been made to prevent attacks on web applications. Previous solutions have either required effort from the application developer or prevented normal use of the applications. Our solution requires no effort from the application developer and does not prevent normal use of the applications. We use a method called precise tainting to track information flow through a web application and prevent non-trusted data from being misused. In the past, coarse-grained tainting has been used, but it prevents normal use of the applications. We maintain taint information at a fine granularity within strings, even through function calls. To prevent attacks, we make sure no tainted data is used in possibly dangerous ways; this check is also done at a fine level of granularity. When an attack is detected, our modified version of PHP prevents the attack from being executed without disrupting normal web application behavior.
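The following is an added illustration, not code from the paper (which modifies the PHP interpreter itself): a stand-alone Python model of per-character taint that survives concatenation and escaping, beside a coarse whole-string check and a precise SQL-sink check. The class name `TStr`, the helper names and the sink rule (tainted characters may only appear as string-literal contents or as digits) are assumptions made for this example.

```python
# Added example, not the paper's code: a per-character ("precise") taint mask carried through
# concatenation and escaping, with a SQL-sink check that rejects only taint that could
# change query structure. Names and the sink rule are illustrative assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class TStr:
    text: str
    taint: tuple  # taint[i] is True when text[i] came from untrusted input

    @staticmethod
    def make(s, tainted):
        return TStr(s, (tainted,) * len(s))

    def __add__(self, other):
        # Concatenation keeps every character's own taint bit (no whole-string poisoning).
        return TStr(self.text + other.text, self.taint + other.taint)

    def sql_escape(self):
        # Doubling a quote: the inserted quote inherits the taint of the quote it escapes.
        text, mask = [], []
        for ch, t in zip(self.text, self.taint):
            text.append("''" if ch == "'" else ch)
            mask.extend((t, t) if ch == "'" else (t,))
        return TStr("".join(text), tuple(mask))

def coarse_sink_ok(q):
    # Coarse-grained tainting: any tainted character anywhere rejects the query.
    return not any(q.taint)

def precise_sink_ok(q):
    # Precise check: tainted characters may only be literal contents or digits; a tainted
    # character in a structural position or a tainted closing quote is rejected.
    inside, i = False, 0
    while i < len(q.text):
        ch, t = q.text[i], q.taint[i]
        if inside and ch == "'" and q.text[i + 1:i + 2] == "'" and q.taint[i + 1] == t:
            i += 2  # escaped quote ('') with uniform taint is still literal data
            continue
        if inside and ch == "'":
            if t:
                return False  # tainted quote would terminate the literal
            inside = False
        elif not inside and ch == "'":
            inside = True
        elif not inside and t and not ch.isdigit():
            return False  # tainted non-digit outside any literal
        i += 1
    return True
```

The coarse check rejects even a correctly escaped query because some characters are tainted, while the precise check accepts it and still rejects an unescaped quote or a tainted keyword outside a literal.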

Salvatore Guarnieri, University of Virginia

BibTeX
@conference {269226,
author = {Salvatore Guarnieri},
title = {Automatically Hardening Web Applications Using Precise Tainting},
year = {2005},
address = {Baltimore, MD},
publisher = {USENIX Association},
month = jul
}