htm, default.html or default.htm.
Protection of web applications
WAP is a tool for detecting and correcting input validation vulnerabilities in web applications written in PHP, and for predicting false positives. It combines static source code analysis and data mining to identify vulnerabilities and predict false positives. It then fixes the real vulnerabilities by inserting corrections (small functions) at the right places in the source code.
It uses static analysis of the source code to identify vulnerabilities, data mining to predict false positives, and inserts fixes to correct the source code. It detects and corrects 8 types of input validation vulnerabilities. WAP is a source code static analysis and data mining tool that identifies and fixes input validation vulnerabilities in web applications written in PHP (version 4.0 or later) with a low rate of false positives.
WAP detects and fixes the following:
WAP analyzes the source code semantically. Specifically, it performs taint analysis to identify input validation vulnerabilities. The goal of the taint analysis is to trace malicious inputs introduced through entry points (the $_GET and $_POST arrays) and check whether they reach a sensitive sink (PHP functions that can be exploited by malicious input, such as mysql_query).
Once vulnerabilities are detected, the tool uses data mining to verify whether they are real or false positives. In the end, the real vulnerabilities are fixed by inserting the fixes (small pieces of code) into the source code.
Code analyzer: Consists of a tree generator and a taint analyzer. The taint analyzer performs the taint analysis, navigating through the tree to identify potential vulnerabilities.
False positives predictor: Consists of a supervised trained data set, with instances classified as vulnerabilities and false positives, and the Logistic Regression machine learning algorithm. For every potential vulnerability identified by the code analyzer, this module collects the presence of the attributes that define a true positive and creates an instance from them. The Logistic Regression algorithm then receives the instance and classifies it as a false positive or not (a real vulnerability).
Code corrector: Every real vulnerability is removed by correcting its source code. This module selects the fix that removes the vulnerability and marks the places in the source code where the fix will be inserted. The code is then corrected by inserting the fixes, and new files are created. Fixes are small pieces of source code (small PHP functions that sanitize or validate user input, depending on the vulnerability type).
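The taint-tracking idea described above, as an added example that is not WAP's own code: a simplified, line-based Python sketch (WAP itself navigates a tree built from the PHP source) that follows data from the `$_GET`/`$_POST` entry points to the `mysql_query` sink. The sample PHP, the function names and the choice of `mysql_real_escape_string` as the sanitizer are assumptions made for this illustration.

```python
import re

# Entry points and sink are the ones named in the text; the sanitizer list
# is an assumption for this sketch, not WAP's configuration.
ENTRY_POINTS = ("$_GET", "$_POST")
SINKS = ("mysql_query",)
SANITIZERS = ("mysql_real_escape_string",)

ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);\s*$")
VAR = re.compile(r"\$\w+")

def is_tainted(expr, tainted):
    """True if expr reads an entry point or a tainted variable unsanitized."""
    for s in SANITIZERS:  # anything wrapped in a sanitizer call is dropped
        expr = re.sub(re.escape(s) + r"\s*\([^()]*\)", "", expr)
    if any(e in expr for e in ENTRY_POINTS):
        return True
    return any(v in tainted for v in VAR.findall(expr))

def find_flows(php_source):
    """Return (line number, sink) for each tainted value reaching a sink."""
    tainted, findings = set(), []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for sink in SINKS:  # check sinks before updating taint for this line
            call = re.search(re.escape(sink) + r"\s*\((.*)\)", line)
            if call and is_tainted(call.group(1), tainted):
                findings.append((lineno, sink))
        m = ASSIGN.match(line)
        if m:
            var, expr = m.groups()
            if is_tainted(expr, tainted):
                tainted.add(var)       # taint propagates through assignment
            else:
                tainted.discard(var)   # overwritten with clean data
    return findings

# Constructed sample: line 3 is a real flow, line 6 is sanitized.
SAMPLE = """\
$id = $_GET['id'];
$q1 = "SELECT * FROM users WHERE id = $id";
$r1 = mysql_query($q1);
$name = mysql_real_escape_string($_POST['name']);
$q2 = "SELECT * FROM users WHERE name = '$name'";
$r2 = mysql_query($q2);
"""

if __name__ == "__main__":
    for lineno, sink in find_flows(SAMPLE):
        print(f"line {lineno}: tainted data reaches {sink}()")
```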