Project of Security Testing, Fall Semester 2017, University of Trento.
The project consist in the Static Taint Analysis for XSS vulnerabilities of the PHP application SchoolMate using Pixy. In particular, the following tasks were performed:
- Static Taint Analysis of the vulnerable application
- Categorization of the reported vulnerabilities
- Proof-of-Concept attacks for the true positive vulnerabilities
- Fix of all reported vulnerabilities
- Report of the analysis results
The repository structure reflects the performed activies:
| Folder | Description |
|---|---|
| taint_analysis | Results of the Static Taint Analysis. |
| schoolmate | Code of the original and fixed application, as well as the SQL scripts needed to set it up. |
| security_test_cases | Security Test Cases, Proof-of-Concept attacks. |
| report | Report of the analysis. |
You can use the provided Docker Compose file to quickly run both the original and the fixed application.
cd schoolmate/original_application
docker-compose upcd schoolmate/fixed_application
docker-compose upThe test cases are written in Java, usin JUnit and JWebUnit. You can use the Gradle wrapper to run them:
cd security_test_cases
./gradlew check The tests will point by default to http://localhost:2001/.
You can use any custom location using the BASE_URL environment variable.
# run the tests against the original application
BASE_URL=http://localhost:2001/ ./gradlew check
# run the tests against the fixed application
BASE_URL=http://localhost:2002/ ./gradlew check