Simulation of Built-in PHP Features for Precise Static Code Analysis presented at NDSS 2014

by Thorsten Holz, Johannes Dahse

Summary: PHP is the most popular and diverse scripting language on the Web. We introduce a new static code analyzer that precisely models built-in PHP features and their interaction. Our evaluation shows that this is the key to vulnerability detection in modern applications.