Static Analysis of a Source Code

938 Words2 Pages

Introduction

The main purpose of performing a static analysis of a source code as far

as web applications auditing is concern is to detect vulnerability. This article

describes therefore an algorithm proposal that will be used to examine two main

PHP source code potential vulnerabilities; LFI (Local File Inclusion) and RFI

(Remote File Inclusion). The approach will be as follow, a de nition of the pat-

tern used to nd such les function whose potential for abuse is very high as a

result of having user inputs that are unhandled, is rst made. In speci c terms,

to detect the vulnerability of this pattern utilizes normal expressions which are

deemed as a fast and uncomplicated technique. In this process some result we

call false positive (FP) will result as a consequence of using, in a safe way, in-

clusion function. The resultant FP's to begin with may come about since this

function's arguments are not part of those variables supplied by the user. To de-

tect the vulnerability in the code lines therefore, an extract of all those variables

supplied by the user is made. Just like a multi-level assignment, vulnerability

on the other hand would spread mound the variables hence also prompting the

extraction of hidden user supplied variables. So in order to decrease these FP's

another pattern de nition is made in order to establish a means of vulnerability

prevention of the inclusion functions.

Despite permitting the generation of extensively used dynamic codes and

indirection multi levels as far as function access and variables are concerned, the

results in a number of similar projects bring to the light that many presented

problems using this approach can be detected and eliminated. This is in spite of

static ana...

... middle of paper ...

...n the areas that pertains the entries should be rmly certi ed

to avoid various security threats. This section will provide some in sight on

the prevention methods of LFI and RFI susceptibilities. Also highlighted are

the various ways to deal with the abuses of le enclosure on websites and more

signi cantly in codes and nally PHP format examples in code will be provided.

One of the best and ecient way is the use of a white le of good recognized

values for example the list of all the areas and the languages that are supported

by the application and at the same time, eliminating any entry that doesn't

meet these criteria or also the ones that do not appear on the list. The next

step is to check the source code after a le has been displayed and included,

therefore, if the code checks, then the it is given access to the le and if not

then it is excluded.

Show More
Related

  • Uustal Ethical Decision Making Model Essay

    664 Words  | 2 Pages

    Step 4: Examine and categorize the alternatives. Identify those that are consistent and inconsistent with your personal values.

    Read More

  • Nt1330 Unit 5 Application Paper

    419 Words  | 1 Pages

    Despite its conceptual elegance, RPC (Remote Procedure Call) have a few problems. Discuss any 3 of those in brief.

    Read More

  • Nt1310 Unit 1 Essays

    1692 Words  | 4 Pages

    2. Answer questions in each of the Knowledge Check areas on pages: 10, 17, and 28.

    Read More

  • Forensic Psychology Article Critique Paper

    994 Words  | 2 Pages

    system. A weakness on the other hand could be that the article only looks at one method for

    Read More

  • Critical Appraisal Of A Qualitative Nursing

    975 Words  | 2 Pages

    were used and therefore no evaluation of why this was done is mentioned. This is a weakness

    Read More

  • CBA

    1383 Words  | 3 Pages

    There are over 2,405,518,376 internet users on a global scale. More than 50% of the world have a form of Internet censorship, and of those countries China, North Korea, Iran, and Vietnam heavily restrict its citizens. This recent topic has reached new heights in the US with the growing number of access to internet. More and more people are debating whether the internet should be censored. Internet censorship is the control or suppression of what can be accessed, published, or viewed on the internet. This would affect everyone and me. I specifically use the internet to read about controversial view and other information that gets ignored by the media or isn’t circulated anymore. Most of these sites would fall in the black list of censoring. A small percentage of users post conspicuous posts, graphic material, and infringing copyright links. Although inappropriate it shouldn’t demand internet censorship, because it goes against the individual rights of the people. Freedom of speech and press will be restricted by the government. To a point where people would be scared to express themselves, or spread information for they might be punished. Even if their opinion is erroneous and maleficent, it’s still that person’s opinion and he’s entitled to it. Same can be said for the common good everyone should be able to voice their opinions without censorship anywhere. Everyone should also have the access to any information on the internet. If anyone is offended by what is said on the internet, then they can remember to not visit the webpage next time and hold themselves accountable. This paper will examine the issue of internet censorship constituting a violation to the American people individual rights, common good, and the constitution.

    Read More

  • Narrative Structures in Zadie Smith's White Teeth and Toni Morrison's Beloved

    2803 Words  | 6 Pages

    it can be used in a variety of different manners in order to achieve a

    Read More

  • Hate Groups on the Internet

    3661 Words  | 8 Pages

    Technology has provided our society with numerous innovations that have been created to improve the quality of life on a daily basis. One such innovation is the Internet. The access to a wide variety of information is perhaps the most valuable tool, as well as the most important tool, that we have entering the twenty-first century. There are virtually no limits on how much can be achieved through the use of the Internet. This is not, however, necessarily a good thing. Most people find that offensive material such as child pornography and hate-related propaganda can be viewed by people too easily via the Internet. While child pornography is a detestable subject, it does not have the sort of appeal that a hate group website does in that there are stricter guidelines preventing individuals from attaining child pornography material from the Internet. These stricter guidelines include the Communications Decency Act (1995), which forbids the use of the Internet for such purposes as attaining material of a child pornographic nature (Wolf, 2000). This law can also be used to monitor the hate group websites, but since the law is too broad, it is rarely held up in court. The hate group websites do, however, have a large enough following that there is legislation being formed to specifically target the material on the sites. Despite the highly offensive nature of hate group websites, the sites should not be censored because the right to free speech must be preserved. In this paper we will define what is considered to be hateful content; why this hateful content should be protected; what else can be done to monitor this material on the Internet; and when are the people cr...

    Read More

  • America Needs Internet Censorship

    1055 Words  | 3 Pages

    Tears begin to fall down a child’s face. Her body goes into shock out of fear. Her mother warned her about watching inappropriate content, and there it was, right on her computer screen. This could not have happened though. All she was doing was casually browsing the internet before a pop-up appeared. Although it may seem hard to believe, the major cause of events such as this is the lack of censorship on the internet. Internet censorship relates to the removal of offensive, inappropriate, or controversial content published online. The current problem with the internet is that there are few restrictions on what can be published or viewed. Several sites on the internet only offer a warning about inappropriate content that can easily be bypassed by agreeing to the terms. Other websites provide access to private or military information. More dreadfully, however, are websites that use their explicit content as a promotion. These factors bring the conclusion that anybody of any given age can view and publish inappropriate or dangerous content. The current problems with the internet serve for clarification as to why the United States should create a nonpartisan assembly to censor the internet in order to protect its citizens from the mental, emotional, and physical harms the internet creates.

    Read More

  • Essay on Internet Privacy - Ethical Issues Raised by Privacy Service Providers

    2877 Words  | 6 Pages

    Abstract:  This paper examines the use of Internet technologies (specifically SafeWeb.com) to counteract invasions of personal privacy and censorship.  The paper begins by exploring the methods by which governments, corporations, and commercial agents invade personal privacy.  It also discusses Internet censorship on the corporate and governmental levels.  It then proceeds to discuss SafeWeb.com, a technology that allows Internet users to surf the Web privately and view censored content.  The paper finishes by exploring some of the ethical issues raised by Internet privacy and censorship in specific relation to SafeWeb, concluding that the application of SafeWeb in circumventing the authority of governments and corporations is inherently unethical.

    Read More

  • Remote Control Software Used in a Local Area Network

    8706 Words  | 18 Pages

    Remote-control software is an application that you install on two PCs that permits one system (the guest) to connect with and control another (the host). Once you're connected, you can do just about anything as if you were sitting at the host PC. In addition, remote-control software lets you transfer files between PCs faster and more efficiently. The latest remote-control programs support a myriad of connection types including Internet connections, which are becoming increasingly important. The key advantage to Internet connections is that they let mobile users connect to a PC or server anywhere on the globe via an inexpensive local telephone call. So no matter where you are, you can always stay in touch.

    Read More

  • Enterprise Resource Planning

    1970 Words  | 4 Pages

    support for specific industries (e.g., SAP supports a wide range of industries,including oil and gas, health care, chemicals, and banking);

    Read More

  • Internet Essay - Online Anonymity and Cyberspace Crime

    2068 Words  | 5 Pages

    The 90's internet boom gave rise to new ways of writing in through access to cyberspace. What used to be printed or handwritten on physical surfaces such as paper, cardboard, or bulletin boards has changed to 0's and 1's, bits and bytes of digitized information that can be displayed thru the projections of computer screens. Moreover, the internet has made the process of publishing one's works, writing letters, or chatting with one another much easier and convenient for everyone around the globe. The internet became a universal tool, giving much freedom and flexibility to the users; it gave them opportunity to deliver their thoughts with little or no restrictions. Since it's impossible to regulate all cyber-activities, internet users are often unrestricted by the normal laws or authorities that would set boundaries around the various online transactions. More importantly, the fact that a net user can take on different identities in cyberspace brings about several ethical and social issues. These anonymous and unrestrictive characteristics of cyberspace often permite abusive users to easily involve themselves in serious cybercrimes such as cyberstalking, cyber-rape, and cyber-harassment through chatting services, emails, cyber communities, and other online communication.

    Read More

  • Regulating the Internet

    2312 Words  | 5 Pages

    The internet has been one of the most influential technological advancements of the twenty-first century. It is in millions of homes, schools, and workplaces. The internet offers not only a way of communicating with people around the world, but also a link to information, shopping, chatting, searching, and maps. This freedom to be anyone and to "go" anywhere right from the comfort of home has become a cherished item. However, there is always a down side to every up. Because of the freedom to post anything and access anything on the internet, the issue of regulation has arisen; for example, what should and should not be allowed on the internet? Who has the right to regulate this space that we cherish for its freedom?

    Read More

  • recycling plastic

    643 Words  | 2 Pages

    type of plastic and by color. The first step is the most important one in the process.

    Read More

More about Static Analysis of a Source Code

Open Document