Open Access Open Access  Restricted Access Subscription Access

Prop - Patronage of PHP Web Applications


Affiliations
1 Centre for Development of Advanced Computing, Hyderabad, India
 

PHP is one of the most commonly used languages to develop web sites because of its simplicity, easy to learn and it can be easily embedded with any of the databases. A web developer with his basic knowledge developing an application without practising secure guidelines, improper validation of user inputs leads to various source code vulnerabilities. Logical flaws while designing, implementing and hosting the web application causes work flow deviation attacks. In this paper, we are analyzing the complete behaviour of a web application through static and dynamic analysis methodologies.

Keywords

Authentication and Authorization Bypass, Cross-Site Scripting, Session Hijacking, Code Injection, Command Injection.
User
Notifications
Font Size

Abstract Views: 257

PDF Views: 149




  • Prop - Patronage of PHP Web Applications

Abstract Views: 257  |  PDF Views: 149

Authors

C. Sireesha
Centre for Development of Advanced Computing, Hyderabad, India
G. Jyostna
Centre for Development of Advanced Computing, Hyderabad, India
P. Raghu Varan
Centre for Development of Advanced Computing, Hyderabad, India
P. R. L. Eswari
Centre for Development of Advanced Computing, Hyderabad, India

Abstract


PHP is one of the most commonly used languages to develop web sites because of its simplicity, easy to learn and it can be easily embedded with any of the databases. A web developer with his basic knowledge developing an application without practising secure guidelines, improper validation of user inputs leads to various source code vulnerabilities. Logical flaws while designing, implementing and hosting the web application causes work flow deviation attacks. In this paper, we are analyzing the complete behaviour of a web application through static and dynamic analysis methodologies.

Keywords


Authentication and Authorization Bypass, Cross-Site Scripting, Session Hijacking, Code Injection, Command Injection.