Security Analysis of PHP Encoder
نویسندگان
چکیده
As an open source server-side scripts language, PHP is used more and more widely by Web developers now. Protecting PHP code from being plagiarized is also a hot research issue especially with the rapid development of dynamic web industry and people’s copyright protection consciousness. Usually the developers use PHP encoders to encrypt the PHP codes before selling them out. There are several different kinds of PHP encoders with different performances. In this paper, we analyze and compare the security level of some well-known encoders. From a fully new aspect, we try to analyze the output of the encoders with the random statistical tests, which is never done before. Also, we demonstrate the soundness of our method. We figure out the test suite which is most suitable for PHP encoders and explain the reasons. Finally, we carry out the experiments and draw a conclusion about the security of the PHP encoders based on our results.
منابع مشابه
Simulation of Built-in PHP Features for Precise Static Code Analysis
The World Wide Web grew rapidly during the last decades and is used by millions of people every day for online shopping, banking, networking, and other activities. Many of these websites are developed with PHP, the most popular scripting language on the Web. However, PHP code is prone to different types of critical security vulnerabilities that can lead to data leakage, server compromise, or at...
متن کاملStatic Detection of Security Vulnerabilities in Scripting Languages
We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraprocedural, and interprocedural level. This architecture enables us to handle dynamic features of scrip...
متن کاملFramework for Static Analysis of PHP Applications
Dynamic languages, such as PHP and JavaScript, are widespread and heavily used. They provide dynamic features such as dynamic type system, virtual and dynamic method calls, dynamic includes, and built-in dynamic data structures. This makes it hard to create static analyses, e.g., for automatic error discovery. Yet exploiting errors in such programs, especially in web applications, can have sign...
متن کاملEnabling PHP software engineering research in Rascal
Today, PHP is one of the most popular programming languages and is commonly used in the open source community and in industry to build large application frameworks and web applications. In this paper, we discuss our ongoing work on PHP AiR, a framework for PHP Analysis in Rascal. PHP AiR is focused especially on program analysis and empirical software engineering, and is being used actively and...
متن کاملSecurity Analysis of PHP Bytecode Protection Mechanisms
PHP is the most popular scripting language for web applications. Because no native solution to compile or protect PHP scripts exists, PHP applications are usually shipped as plain source code which is easily understood or copied by an adversary. In order to prevent such attacks, commercial products such as ionCube, Zend Guard, and Source Guardian promise a source code protection. In this paper,...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- JNW
دوره 8 شماره
صفحات -
تاریخ انتشار 2013