Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Learn about FIXX, an automated tool for discovering multiple similar exploits from taint-style vulnerabilities in PHP web applications through this 16-minute conference presentation from USENIX Security '25. Explore how researchers from the University of Illinois Chicago developed a solution to address the time-consuming challenge of comprehensively analyzing modern web applications for vulnerabilities and exploits. Discover how FIXX combines novel concepts of path and graph similarity over graph representations of code to help web application developers detect all possible instances of known exploits within their program's code. Examine the evaluation results showing FIXX's effectiveness on 32 CVE reports containing cross-site scripting and SQL injection vulnerabilities across 19 PHP applications, which led to the discovery of 1,097 similar exploitable paths and resulted in 10 new CVE entries. Understand how this research addresses the limitation of security disclosures that typically focus on single vulnerability instances without providing information about other instances of the same vulnerability within applications.
