PHP Interpreter Modified To Find XSS and Injection Holes, Automatically Generates Attacks
at 2:46 pm
on June 19, 2009
in Databases, Programming, Security, Technology
no comments
Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.
The so-called Ardilla tool uses a technique developed by the researchers — MIT’s Adam Kiezun, the University of Washington’s Michael Ernst, Stanford’s Philip Guo, and Syracuse University’s Karthick Jayaraman — that creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. Ardilla is for PHP-based Web apps.
There is also a table of results from analysis done against several PHP web applications
Via: darkREADING
Leave a Comment...
You must be logged in to post a comment.
Ruan is a resolute technophile that is currently devoted to the professional practice of Information Technology Management. In his free time Ruan pursues various interests including the study of Information Security practices and the exploration of visual culture through contemporary photography and communication design.
- IBM embraces Firefox, adopts it internally
9:54 am, July 5, 2010 - Canada Post warns of fraudulent email
7:18 pm, April 26, 2010 - Bank Employee Plants Malware on ATMs
11:46 am, April 9, 2010 - University of Cambridge discovers Chip and PIN verification “wedge” vulnerability
11:41 am, February 15, 2010 - The EU and UK Have Less Open Wireless WiFi Broadband Hotspots Than USA
11:43 am, January 8, 2010