PHP Aspis: Using Partial Taint Tracking To Protect Against Injection Attacks

Web applications are increasingly popular victims of security attacks. Injection attacks, such as Cross Site Scripting or SQL Injection, are a persistent problem.

Even though developers are aware of them, the suggested best practices for protection are error prone: unless all user input is consistently filtered, any application may be

When hosting web applications, administrators face a dilemma: they can only deploy applications that are trusted or they risk their system’s security.

To prevent injection vulnerabilities, we introduce PHP Aspis: a source code transformation tool that applies partial taint tracking at the language level.

PHP Aspis augments values with taint meta-data to track their origin in order to detect injection vulnerabilities.
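The taint meta-data idea described above, as an added example that is not PHP Aspis code: values carry per-category taint flags, concatenation propagates them, a sanitiser clears one category, and an output sink rejects values that are still tainted. The `Tainted` class, the helper names and the whole-value flag representation are assumptions made for illustration (PHP 8.0+).

```php
<?php
// Added illustration; not PHP Aspis code. All names here are hypothetical.
// A value paired with taint meta-data: one flag per vulnerability class.
final class Tainted {
    public function __construct(
        public string $value,
        public array $taint = ['xss' => true, 'sqli' => true]
    ) {}
}

// Wrap a source-code literal: it did not come from the user, so no taint.
function lit(string $s): Tainted {
    return new Tainted($s, ['xss' => false, 'sqli' => false]);
}

// Propagation: the result of a concatenation is tainted if any operand is.
function concat(Tainted ...$parts): Tainted {
    $out = lit('');
    foreach ($parts as $p) {
        $out->value .= $p->value;
        foreach ($p->taint as $k => $t) {
            $out->taint[$k] = $out->taint[$k] || $t;
        }
    }
    return $out;
}

// Sanitiser: clears only the taint category it actually addresses.
function escape_html(Tainted $v): Tainted {
    $taint = $v->taint;
    $taint['xss'] = false;
    return new Tainted(htmlspecialchars($v->value, ENT_QUOTES, 'UTF-8'), $taint);
}

// Sink guard: refuse to emit a value still tainted for this sink's category.
function echo_sink(Tainted $v): string {
    if ($v->taint['xss']) {
        throw new RuntimeException('XSS-tainted value reached output sink');
    }
    return $v->value;
}

// Constructed input standing in for a request parameter read by plugin code.
$name = new Tainted('<script>alert(1)</script>');
echo echo_sink(concat(lit('<p>Hello '), escape_html($name), lit('</p>'))), "\n";
try {
    echo_sink(concat(lit('<p>Hello '), $name, lit('</p>')));
} catch (RuntimeException $e) {
    echo 'blocked: ', $e->getMessage(), "\n";
}
```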

To improve performance, PHP Aspis carries out taint propagation only in an application’s most vulnerable parts: third-party plugins. We evaluate PHP Aspis with WordPress, a popular open source weblog platform, and show that it prevents all code injection exploits that were found in WordPress plugins in 2010.