Simulation of Built-in PHP Features for Precise Static Code Analysis

No ratings

Presented at NDSS 2014 by

Thorsten Holz

Johannes Dahse

PHP is the most popular and diverse scripting language on the Web. We introduce a new static code analyzer that precisely models built-in PHP features and their interaction. Our evaluation shows that this is the key for vulnerability detection in modern applications.