PHP Aspis: Using Partial Taint Tracking To Protect Against Injection Attacks

Web applications are increasingly popular victims of security attacks. Injection attacks, such as Cross Site Scripting or SQL Injection, are a persistent problem. Even though developers are aware of them, the suggested best practices for protection are error prone: unless all user input is consistently filtered, any application may be vulnerable. When hosting web applications, administrators face a dilemma: they can only deploy applications that are trusted or they risk their system’s security.

To prevent injection vulnerabilities, we introduce PHP Aspis: a source code transformation tool that applies partial taint tracking at the language level. PHP Aspis augments values with taint meta-data to track their origin in order to detect injection vulnerabilities. To improve performance, PHP Aspis carries out taint propagation only in an application’s most vulnerable parts: thirdparty plugins. We evaluate PHP Aspis with Wordpress, a popular open source weblog platform, and show that it prevents all code injection exploits that were found in Wordpress plugins in 2010.

2nd USENIX Conference on Web Application Development (WebApps)
Publication Year
Related Projects