Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis

Published: 2024, Last Modified: 28 Jan 2026. Venue: SP 2024. License: CC BY-SA 4.0
Abstract: Symbolic execution for dynamic web applications is challenging because of their multilingual nature. Prior solutions often fall short, offering limited syntax support at excessive engineering cost. We propose a novel approach, symbolic interpreter analysis (SIA), for web applications written in interpreted languages. SIA overcomes these limitations by leveraging the comprehensive syntax support of the language interpreter and by reusing the established engineering of existing symbolic execution engines. Since the web application's logic is executed by the interpreter, SIA applies an off-the-shelf symbolic execution engine to the interpreter code itself in order to symbolically comprehend the behavior of the web application. Realizing this idea requires solving several technical challenges specific to web application symbolic execution, such as web application exploration and database interactions. We have implemented our approach in SymPHP, a concolic execution engine for PHP-based web applications. Our extensive evaluation shows that SymPHP effectively explores web application code with comprehensive PHP syntax support and high code coverage, and successfully identified 77.23% of the known vulnerabilities in our dataset, significantly outperforming prior approaches. The hybrid fuzzing framework built atop SymPHP significantly boosted fuzzing and detected ten new vulnerabilities.