IBM Research

PHP Security Research


About this project  

The LAMP stack (Linux, Apache, MySQL, PHP/Perl/Python) is very popular because of the ease with which Web applications can be developed rapidly. A substantial body of open source code exists for building Web applications quickly. However, software quality, including security, is a major issue for the deployment of such applications. Security flaws, for instance, can be introduced at several points in the life cycle of a Web application:

  • at the client side in the web browser,
  • on the wire,
  • at the front end of the server,
  • in the web application on the server,
  • at Web services level, and
  • in the back end (e.g., databases).
An end-to-end Web application consists of components and modules written in multiple languages, including JavaScript, HTML, PHP, Python, Java, and SQL. The goal of this project is to perform an end-to-end security analysis based on the use of static and dynamic analysis of programs written in multiple languages.
Our approach to the end-to-end software quality and security of Web applications consists of building tools for analyzing programs written in multiple languages. Our current focus is on analyzing PHP applications to detect software errors, including security vulnerabilities that may exist in such applications. The approach covers not only the PHP programs themselves but also their configuration files, and the interplay between the PHP, Apache, and database configurations.
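To make the kind of analysis described above concrete, the following is an added example, not the project's own tooling (which this page does not show): a small Python taint checker that follows request data from PHP superglobals into dangerous sink calls over straight-line PHP source, combined with a check of php.ini directives. The source, sink and sanitizer tables, the PHP fragment and the php.ini fragment are all constructed for the example; a real analyzer would parse the PHP grammar and track control flow rather than scanning lines. It deliberately models sanitizers as sink-specific, so the output shows why a value escaped for HTML output is still unsafe in a query.

```python
import re
from collections import namedtuple

# Taint sources: superglobals carrying attacker-controlled request data.
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")
# Sinks and the vulnerability class each represents when fed tainted data.
SINKS = {"mysql_query": "SQL injection", "echo": "cross-site scripting",
         "include": "file inclusion", "system": "OS command injection"}
# Sanitizers are sink-specific: htmlspecialchars() protects echo, not mysql_query().
SANITIZERS = {"mysql_real_escape_string": {"mysql_query"}, "htmlspecialchars": {"echo"},
              "escapeshellarg": {"system"}, "intval": {"*"}}   # "*" = every sink

ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);")
CALL_RE = re.compile(r"\b(\w+)\s*\(")
VAR_RE = re.compile(r"\$\w+")

Finding = namedtuple("Finding", "line sink issue expr")

def _taint_of(expr, tainted):
    """Sinks for which `expr` is still dangerous. Over-approximates: any
    source or tainted variable taints the whole expression, and a sanitizer
    call anywhere in it clears that sanitizer's sinks."""
    dangerous = set()
    if any(src in expr for src in SOURCES):
        dangerous |= set(SINKS)
    for var in VAR_RE.findall(expr):
        dangerous |= tainted.get(var, set())
    for fn in CALL_RE.findall(expr):
        if fn in SANITIZERS:
            safe = SANITIZERS[fn]
            dangerous = set() if "*" in safe else dangerous - safe
    return dangerous

def scan_php(source):
    """Line-ordered taint propagation over straight-line PHP code."""
    tainted = {}   # variable -> sinks it is still dangerous for
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        # Check sinks first, using the taint state before this line's assignment.
        for sink, issue in SINKS.items():
            m = re.search(r"\b" + sink + r"\b", line)
            if m and sink in _taint_of(line[m.end():], tainted):
                findings.append(Finding(lineno, sink, issue, line.strip()))
        m = ASSIGN_RE.match(line)
        if m:
            var, expr = m.groups()
            taint = _taint_of(expr, tainted)
            if taint:
                tainted[var] = taint
            else:
                tainted.pop(var, None)  # reassigned from a clean expression
    return findings

# php.ini directives whose enabled state widens the attack surface.
RISKY_DIRECTIVES = {
    "register_globals": "request parameters initialise arbitrary variables",
    "allow_url_include": "include/require can load code from remote URLs",
    "display_errors": "error text (paths, query fragments) reaches clients",
    "expose_php": "PHP version advertised in the X-Powered-By header",
}

def scan_ini(text):
    """Flag risky php.ini directives that are switched on."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()   # ';' starts an ini comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in RISKY_DIRECTIVES and value.lower() in ("on", "1", "true"):
            findings.append((lineno, key, RISKY_DIRECTIVES[key]))
    return findings

# Constructed inputs for the demonstration (not from any real application).
SAMPLE_PHP = """<?php
$id = intval($_GET['id']);
$name = htmlspecialchars($_POST['name']);
$raw = $_REQUEST['q'];
$rows = mysql_query("SELECT * FROM users WHERE id = $id");
echo $name;
mysql_query("SELECT * FROM users WHERE name = '$name'");
echo $raw;
include $_GET['page'];
"""
SAMPLE_INI = """; constructed php.ini fragment
register_globals = On
display_errors = Off
allow_url_include = 1
expose_php = Off ; keep the version out of response headers
"""

if __name__ == "__main__":
    for f in scan_php(SAMPLE_PHP):
        print(f"php line {f.line}: {f.issue} via {f.sink}: {f.expr}")
    for lineno, key, why in scan_ini(SAMPLE_INI):
        print(f"ini line {lineno}: {key} is enabled ({why})")
```

Run stand-alone, the checker reports the query on line 7 (the HTML-escaped `$name` is still tainted for `mysql_query`), the raw `echo` on line 8 and the `include` on line 9, while the `intval()`-cleaned `$id` on line 5 and the escaped `echo $name` on line 6 are left alone; the ini scan flags `register_globals` and `allow_url_include`. Checking program and configuration together is the point: the same PHP code is far more exposed under `register_globals = On`, which a code-only scan would never see.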

Our next step will be to extend our approach to analyzing programs written in JavaScript and databases, including the respective configuration files. Our tools can be used during the development, build, and deployment of web (PHP) applications. We intend for the tools to be available as Eclipse plugins.



Last updated 14 Apr 2006

 
Researchers  

Larry Koved; Vugranam C Sreedhar

  Research labs involved

Watson Research Center (Hawthorne)


  Additional information

Java Security Research

SOA and Web Services Security

Secure Software and Services

Security and Privacy Home Page

Security WORkbench Development Environment for Java (SWORD4J)

Programming Languages and Software Engineering Department at IBM Research


