Static Detection of Security Vulnerabilities in Scripting Languages


We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraprocedural, and interprocedural level. This architecture enables us to handle dynamic features of scripting languages that have not been adequately addressed by previous techniques.

We demonstrate the effectiveness of our approach on six popular open source PHP code bases, finding 105 previously unknown security vulnerabilities, most of which we believe are remotely exploitable.


@inproceedings {182868,
author = {Yichen Xie and Alex Aiken},
title = {Static Detection of Security Vulnerabilities in Scripting Languages},
booktitle = {Presented as part of the 15th {USENIX} Security Symposium ({USENIX} Security 06)},
year = {2006},
address = {Vancouver, B.C. Canada},
url = {},
publisher = {{USENIX}},
}
