PHP Framework with Real-Time Supervision
The growing number of web applications makes them an attractive target for attacks because of the large amount of private user data these applications access, process and store. Many development tools, called web application frameworks, are available for web applications. Existing frameworks are created to reduce programmers' effort, but most of them do not provide any support for supervising the development process in real time with respect to security and efficiency; they just provide a set of tools and classes to enhance the development process. The proposed approach aims to provide an extensible, real-time supervision framework for the behaviour of PHP-based web applications, as well as to generate behaviour reports for further analysis. While some detection approaches focus on analysing application logs, observing the application behaviour at run time may allow attack prevention in real time as well as attack detection. The proposed protection consists of a prepend component and Potentially Unsafe Function (PUF) handlers. The prepend component is responsible for setting up the PUF handlers before the requested PHP script is executed, as well as configuring the auxiliary append stage for subsequent clean-up. Together, these two allow programmers to control the execution of PHP scripts in real time.
Keywords: Intrusion Prevention System (IPS), model-view-control architecture, Potentially Unsafe Functions (PUF), PHP-intrusion detection system
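The prepend component, PUF handlers and append stage described in the abstract can be illustrated as follows; this is an added example, not the authors' implementation. It assumes PHP 8.0 or later with the listed functions disabled in php.ini so that they can be redefined; the function list, the log path and the use of a shutdown function as the append stage are assumptions.

```php
<?php
// supervise_prepend.php: added illustration, not the paper's code.
// Assumed php.ini (PHP 8.0+):
//   auto_prepend_file = /path/to/supervise_prepend.php
//   disable_functions = system,exec,shell_exec
// Since PHP 8.0 a disabled function counts as undefined, so this script can
// define a userland function of the same name to act as its PUF handler.

const PUF_LOG = '/tmp/puf_report.log'; // hypothetical report location
$GLOBALS['puf_events'] = [];

// Record one blocked PUF call together with the script line that made it.
function puf_record(string $name, array $args): void
{
    // Frame 0 is this call; frame 1 is the call to the handler itself.
    $frames = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2);
    $GLOBALS['puf_events'][] = [
        'time'     => date('c'),
        'function' => $name,
        'args'     => $args,
        'file'     => $frames[1]['file'] ?? '?',
        'line'     => $frames[1]['line'] ?? 0,
        'verdict'  => 'blocked',
    ];
}

// PUF handlers: log the attempt and fail closed instead of running a command.
if (!function_exists('system')) {
    function system(...$args) { puf_record('system', $args); return false; }
}
if (!function_exists('exec')) {
    function exec(...$args) { puf_record('exec', $args); return false; }
}
if (!function_exists('shell_exec')) {
    function shell_exec(...$args) { puf_record('shell_exec', $args); return false; }
}

// Append stage (assumption: a shutdown function stands in for auto_append_file):
// write the behaviour report for this request, then clean up.
register_shutdown_function(function (): void {
    if ($GLOBALS['puf_events'] === []) {
        return;
    }
    $report = ['script' => $_SERVER['SCRIPT_FILENAME'] ?? '?',
               'events' => $GLOBALS['puf_events']];
    file_put_contents(PUF_LOG, json_encode($report) . PHP_EOL, FILE_APPEND | LOCK_EX);
    $GLOBALS['puf_events'] = [];
});
```

If the functions are not disabled in php.ini, the `function_exists` checks leave the built-ins in place and no handler is installed, so the configuration and the script have to be deployed together.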
Cite this Article
Aryalakshmi R, Josmy George. PHP Framework with Real-Time Supervision. Recent Trends in Programming Languages. 2018; 5(3): 11–14p.