Stranger

Stranger: An Automata-Based String Analysis Tool for PHP. Stranger is an automata-based string analysis tool for finding and eliminating string-related security vulnerabilities in PHP applications. Stranger uses symbolic forward and backward reachability analyses to compute the possible values that the string expressions can take during program execution. Stranger can automatically (1) prove that an application is free from specified attacks or (2) generate vulnerability signatures that characterize all malicious inputs that can be used to generate attacks.


References in zbMATH (referenced in 15 articles )

Showing results 1 to 15 of 15.
Sorted by year (citations)

  1. Amadini, Roberto; Gange, Graeme; Stuckey, Peter J.: Dashed strings for string constraint solving (2020)
  2. Abdulla, Parosh Aziz; Atig, Mohamed Faouzi; Diep, Bui Phi; Holík, Lukáš; Janků, Petr: Chain-free string constraints (2019)
  3. Day, Joel D.; Ganesh, Vijay; He, Paul; Manea, Florin; Nowotka, Dirk: The satisfiability of word equations: decidable and undecidable theories (2018)
  4. Amadini, Roberto; Flener, Pierre; Pearson, Justin; Scott, Joseph D.; Stuckey, Peter J.; Tack, Guido: Minizinc with strings (2017)
  5. Wüstholz, Valentin; Olivo, Oswaldo; Heule, Marijn J. H.; Dillig, Isil: Static detection of DoS vulnerabilities in programs that use regular expressions (2017)
  6. Zheng, Yunhui; Ganesh, Vijay; Subramanian, Sanu; Tripp, Omer; Berzish, Murphy; Dolby, Julian; Zhang, Xiangyu: Z3str2: an efficient solver for strings, regular expressions, and length constraints (2017)
  7. Liang, Tianyi; Reynolds, Andrew; Tsiskaridze, Nestan; Tinelli, Cesare; Barrett, Clark; Deters, Morgan: An efficient SMT solver for string constraints (2016)
  8. Prokhorenko, Victor; Choo, Kim-Kwang Raymond; Ashman, Helen: Context-oriented web application protection model (2016)
  9. Liang, Tianyi; Tsiskaridze, Nestan; Reynolds, Andrew; Tinelli, Cesare; Barrett, Clark: A decision procedure for regular membership and length constraints over unbounded strings (2015)
  10. Yu, Fang; Alkhalaf, Muath; Bultan, Tevfik; Ibarra, Oscar H.: Automata-based symbolic string analysis for vulnerability detection (2014)
  11. Fu, Xiang; Powell, Michael C.; Bantegui, Michael; Li, Chung-Chih: Simple linear string constraints (2013)
  12. Veanes, Margus; Bjørner, Nikolaj: Symbolic automata: the toolkit (2012)
  13. Hooimeijer, Pieter; Veanes, Margus: An evaluation of automata algorithms for string analysis (2011)
  14. Yu, Fang; Bultan, Tevfik; Ibarra, Oscar H.: Relational string verification using multi-track automata (2011)
  15. Yu, Fang; Alkhalaf, Muath; Bultan, Tevfik: Stranger: an automata-based string analysis tool for PHP (2010) ioport