Watch this 15-minute conference presentation from OOPSLA 2025 that introduces Artemis, a novel static taint analysis tool designed to detect Server-Side Request Forgery (SSRF) vulnerabilities in PHP web applications. Learn how researchers from ShanghaiTech University, IBM Research, and University of Glasgow developed an innovative approach that combines LLM-assisted analysis with inter-procedural path-sensitive taint analysis to overcome limitations of existing static analysis tools. Discover how Artemis extracts both PHP built-in and third-party functions as candidate source and sink functions, constructs explicit and implicit call graphs to infer function relationships, and performs sophisticated taint analysis using rules that prevent over-tainting while analyzing path condition compatibility to reduce false positives. Explore the evaluation results from testing on 250 PHP web applications, where Artemis successfully identified 207 true vulnerable paths including 106 true SSRFs with only 15 false positives, leading to the discovery of 35 new vulnerabilities with 24 confirmed and assigned CVE IDs. Gain insights into advanced static analysis techniques for web application security, PHP-specific vulnerability detection challenges, and how machine learning can enhance traditional program analysis methods for more accurate security vulnerability identification.