Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis
Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, Changhua Luo
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 4
This talk, presented by Penghui Li, introduces a groundbreaking methodology named **Symbolic Interpreter Analysis (SIA)** for performing **concolic execution** on dynamic web applications. Developed in collaboration with the Chinese University of Hong Kong and Jan University (likely Zhejiang University), this research addresses a fundamental challenge in analyzing modern web applications: their inherent multilingual nature. Unlike traditional approaches that struggle with the complexity of code spanning multiple programming languages (e.g., PHP web application code interacting with underlying C-based PHP interpreter functionalities), SIA offers a holistic and accurate solution by directly leveraging the language interpreter itself.
AI review
This is a groundbreaking talk on concolic execution for dynamic web applications. The Symbolic Interpreter Analysis (SIA) and the `yPC` concept offer a truly novel and scalable solution to the multilingual challenge, delivering superior coverage and vulnerability detection with significantly reduced engineering effort.