DOCSLIB.ORG

Compositional Evolution of Secure Services Using Aspects ANR Project

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Compositional Evolution of Secure Services Using Aspects ANR Project Compositional Evolution of Secure Services with Aspects CESSA Compositional Evolution of Secure Services using Aspects ANR project no. 09-SEGI-002-01 Demonstrator for ERP Abstract. One of the CESSA Project’s main goals is to provide mechanisms that provide clear separation of security functionality from other concerns in Service Oriented Architectures using the Aspect-Oriented Programming paradigm. In this document, we report on the application of the methodologies and techniques de- veloped by CESSA to address diverse security problems in distributed enterprise service-oriented software. Among other contributions, we automate the mitigation of security vulnerabilities in web services, the enforcement of privacy policies, and provide security for collaborations using the REST web service de facto standard. Deliverable No. I3.3 Task No. 3 Type Deliverable Dissemination Public Status Final Version 1.0 Date 11 Jan. 2013 Authors Julien Massiera, Jean-Christophe Pazzaglia, Anderson Santana de Oliveira, Theodoor Scholte, Jakub Sendor, Gabriel Serme (SAP); Yves Roudier, Muhammad Sabir Idrees (Eurecom) Contents 1 Introduction 5 2 Adaptive Security 7 2.1 Context and Motivation . .7 2.2 Services . .7 2.3 Security . .8 2.4 Aspect-Oriented Programming . .9 2.5 Architecture proposal . .9 2.6 Application Example . 11 2.7 Related work . 14 2.8 Summary . 15 3 Aspects for the Correction of Security Vulnerabilities in Web Services and Applica- tions 16 3.1 Context and Motivation . 16 3.2 An agile approach . 17 3.3 Architecture . 18 3.4 Static analysis . 20 3.4.1 Static Analysis Process . 20 3.4.2 Multiple vulnerability analysis . 21 3.5 Assisted Remediation . 23 3.5.1 Methdoology . 24 3.5.2 Constraints from Aspect-Oriented Programming . 26 3.6 Related work . 27 3.7 Summary . 28 4 Automated Prevention of Input Validation Vulnerabilities in Web Applications 30 4.1 Introduction . 30 4.2 Preventing input validation vulnerabilities . 31 4.2.1 Output sanitization . 31 4.2.2 Input validation . 32 4.2.3 Discussion . 32 4.3 Output Sanitization and Input Validation . 33 2 4.4 IPAAS . 34 4.4.1 Parameter Extraction . 35 4.4.2 Parameter Analysis . 35 4.4.3 Runtime Enforcement . 36 4.4.4 Prototype Implementation . 37 4.4.5 Discussion . 38 4.5 Evaluation . 38 4.5.1 Vulnerabilities . 39 4.5.2 Automated Parameter Analysis . 39 4.5.3 Static Analyzer . 41 4.5.4 Impact . 43 4.6 Related Work . 44 4.6.1 Input validation . 44 4.6.2 Attack detection and prevention . 45 4.6.3 Vulnerability analysis . 46 4.7 Summary . 46 5 Enabling Message Security for RESTful Services 47 5.1 Context . 47 5.2 REST Security Protocol . 48 5.2.1 Message Security Model . 48 5.2.2 PKI-based message exchange . 48 5.2.3 The REST Security principle . 48 5.2.4 Message Signature . 50 5.2.5 Message Encryption . 51 5.2.6 Signature and Encryption . 53 5.2.7 Multiparts . 54 5.3 Comparison to WS-Security . 55 5.3.1 Environment & Methodology . 55 5.3.2 Size comparison . 56 5.3.3 Processing performance comparison . 59 5.4 Related Work . 60 5.5 Summary . 61 6 Automating Privacy Enforcement in Cloud Platforms 62 6.1 Context and Motivation . 62 6.2 Privacy-Aware Applications in the Cloud . 64 6.2.1 Use case . 64 6.2.2 Background: Privacy Policy Language . 65 6.3 Privacy Enhanced Application Programming . 67 6.3.1 Programming Model . 67 6.3.2 Implementation . 68 6.4 Related Works . 71 3 6.5 Summary . 72 7 Concluding Remarks 74 7.1 Acknowledgments . 74 Bibliography 75 4 Chapter 1 Introduction One of the CESSA Project’s main goals is to provide mechanisms that provide clear separation of security functionality from other concerns in Service Oriented Architectures using the Aspect- Oriented Programming paradigm. In this document, we report on several application of the methodologies and techniques developed by CESSA to address diverse security problems around service oriented architectures. Although ERP (Enterprise Resource Planning), remains the foundation of SAP’s reputation and one of the company’s major product lines, we focused on developing proof of concepts over the software platform the company is providing today. The SAP Netweaver Cloud1 allows to build web applications and services in a dedicated development environment based on Eclipse. The developed service oriented artifacts can be deployed over the SAP cloud infrastructure, what characterized the solution as a Platform as a Service. We have chosen to maintain the title of the deliverable as suggested in the description of work for ease of reference and for coherence with respect to the document. Therefore this deliverable brings several contributions around securing SOA’s with Aspect-Oriented techniques either vertically or horizontally, mainly reporting the work executed in the context of the Tasks 3.2 “Security-related aspects and aspect interfaces for use cases” and 3.3 “Design and development of a proof of concept implementation for enterprise information systems”. We summarize these contributions and outline the remainder of the current deliverable as follows : • Chapter 2 proposes a framework for security mechanisms adaptation when services are involved by using Aspect-Oriented-Programming (AOP) concepts that can be applied to SCM applications. The novelty is the expressivity of security policy at a global level and the enforcement at a local level, through a specific and distributed aspect model that has a larger semantic to catch up events relevant for business usage and dedicated to security concerns. This work has been published at WSSCM2011 [99]. • Chapter 3 introduces an integrated Eclipse plug-in to assist developers in the detection and mitigation of security vulnerabilities using Aspect-Oriented Programming early in the development life-cycle. The work is a combination of static analysis and protection code 1http://scn.sap.com/community/developer-center/cloud-platform 5 generation during the development phase. We leverage the developer interaction with the integrated tool to obtain more knowledge about the system, and to report back a better overview of the different security aspects already applied. This work appeared at the SE- CURWARE 2012 [97], where it has received the best paper award2. • Chapter 4 brings a novel technique for preventing the exploitation of XSS and SQL in- jection vulnerabilities based on automated data type detection of input parameters. IPAAS automatically and transparently augments otherwise insecure web application development environments with input validators that result in significant and tangible security improve- ments for real systems. Specifically, IPAAS automatically (i) extracts the parameters for a web application; (ii) learns types for each parameter by applying a combination of machine learning over training data and a simple static analysis of the application; and (iii) auto- matically applies robust validators for each parameter to the web application with respect to the inferred types. These validators, which can be seen as message interceptors, act around web services and applications, making input validation an aspectualized concern. This work has appeared in COMPSAC 2012 [94]. • Chapter 5 presents the REST security protocol to provide secure service communication to RESTful web services, as the mainstream service providers nowadays are shifting to REST-based services in the detriment of SOAP-based ones. REST proposes a lightweight approach to consume resources with no specific encapsulation, thus lacking of meta-data descriptions for security requirements. Currently, the security of RESTful services relies on ad-hoc security mechanisms (whose implementation is error-prone) or on the transport layer security (offering poor flexibility). The chapter also provides performance analysis when compared to equivalent WS-Security configuration. This work was published in the research track of ICWS 2012 [98]. • Chapter 6 experiments with vertical composition for the enforcement of privacy policies in SOA. The enforcement of privacy policies is facilitated in a Platform as a Service. Cloud service developers can use simple “aspect” annotations in the code to indicate where per- sonally identifiable information is being handled, prior to the application deployment in the cloud. The evaluation of user defined preferences is performed by trustful components generated by the platform, releasing developers from the creation of ad hoc mechanisms for privacy enforcement. This work was published in the proceedings of the Data Privacy Management Workshop [114]. • Chapter 7 concludes the deliverable. 2http://www.iaria.org/conferences2012/AwardsSECURWARE12.html 6 Chapter 2 Adaptive Security 2.1 Context and Motivation An SCM application can be viewed as a long chain process along which goods have to pass through mandatory gates. It involves various devices, from embedded systems like sensors to large-scale servers in backend systems. Sensors usages are dedicated to data collection and signal triggering. They try to capture real-world status and measure it. Backend systems allow for data processing but need to adapt to all devices communicating with them, as each can have a different communication protocol and data format. The heterogeneity of platforms and software used in devices makes it difficult to manage simple security rules, especially across a supply chain. In order to deal with the multiple possi- bilities and not to interfere with the business part of software, one might want to describe security behavior for one system that adapts to security capabilities of systems communicating with it. To do so, we propose an architecture that allows correct modularization of security concerns to quickly intervene in applications and make them adapt to the conditions they can face up to. The application uses the SOA architectural style to provide a loosely-coupled platform where entities can integrate with each other. In the following sections, we start by explaining the dif- ferent concepts we are using in our proposed architecture. Namely, Web Services and SOA concepts, security properties we aim to express in an adaptive manner and also AOP (Aspect- oriented programming) paradigm.
Load more

Recommended publications
  • Guidelines for Tools Development and Operating Environments
    Managing social, behavioral and economic data and metadata Guidelines for Tools Development and Operating Environments Author/Maintainer Pascal Heus, Open Data Foundation Contributors Jack Gager(Metadata Technology), Jannick Jensen (Danish Data Archive), Herve Lhours (UKDA) Version 2010-08-03 Table of Contents Overview....................................................................................................................................................2 Product Development.................................................................................................................................3 Environment.......................................................................................................................................... 3 Collaborative environment.................................................................................................................... 4 Licensing............................................................................................................................................... 5 Products Guide...........................................................................................................................................8 Overview............................................................................................................................................... 8 Web server software.............................................................................................................................. 8 Rich client Platforms...........................................................................................................................10
    [Show full text]
  • 2008 BZ Research Eclipse Adoption Study
    5th Annual Eclipse Adoption Study November 2008 (With comparisons to November 2007, November 2006, November 2005 and September 2004 Studies) 7 High Street, Suite 407 Huntington, NY 11743 631-421-4158 www.bzresearch.com © BZ Research November 2008 Eclipse Adoption Study © BZ Research November 2008 Table of Contents Table of Contents................................................................................................................................................... 2 Methodology .......................................................................................................................................................... 4 Universe Selection ................................................................................................................................................. 6 Question 1. Do the developers within your organization use Eclipse or Eclipse-based tools? ........................ 7 Question 2. Which version(s) of Eclipse are you using? .................................................................................... 8 Question 3. How long have you been using Eclipse or Eclipse-based tools and technologies (either at work, or for your personal projects)?.............................................................................................................................. 9 Question 4. What type of software are you (or your organization) developing using Eclipse-based tools and technologies? (Note: OSI refers to Open Source Initiative, see www.opensource.org for more information.) ...............................................................................................................................................................................10
    [Show full text]
  • RCP Applications
    Helios Wayne Beaton The Eclipse Foundation Copyright © 2010 Eclipse Foundation, Inc., Made available under the Eclipse Public License v 1.0 What is Eclipse? Copyright © 2010 Eclipse Foundation, Inc., Made available under the Eclipse Public License v 1.0 Eclipse is a Java IDE .Language-aware editors, views, ¼ .Refactoring support .Integrated unit testing and debugging .Incremental compilation and build .Team development support Copyright © 2010 Eclipse Foundation, Inc., Made available under the Eclipse Public License v 1.0 3 Eclipse is an IDE Framework .Eclipse + JDT = Java IDE . First class framework for Java, language aware editor, incremental build, integrated debugging, ... .Eclipse + CDT = C/C++ IDE . First class framework for C/C++, language aware editor, refactoring, search .Eclipse + PDT = PHP IDE .Eclipse + JDT + CDT + PDT = Java, C/C++, PHP IDE . Ruby, TCL, JavaScript, ... Copyright © 2010 Eclipse Foundation, Inc., Made available under the Eclipse Public License v 1.0 4 Eclipse is a Tools Framework .Plug-ins make Eclipse whatever you need it to be .Platform of frameworks and exemplary tools .Tools extend the platform using bundles/plug-ins . Business Intelligence and Reporting Tools, Web Tools, Data Tools, Eclipse Modeling Framework, ... Copyright © 2010 Eclipse Foundation, Inc., Made available under the Eclipse Public License v 1.0 5 Eclipse is a Application Framework .Remove the IDE elements; you're left with a general-purpose application framework . Linux, Windows, Mac OSX, UNIX, embedded . Rich widget set, graphics . Native-OS integration (drag and drop, OLE/XPCOM integration) .A platform for rich clients Copyright © 2010 Eclipse Foundation, Inc., Made available under the Eclipse Public License v 1.0 6 Eclipse is Runtimes! .Remove the UI elements and you©re left with a general-purpose component model .
    [Show full text]
  • Build Web Services with PHP in Eclipse Using PHP Development Tools for Contract-First Development
    Build Web services with PHP in Eclipse Using PHP development tools for contract-first development Skill Level: Intermediate Nathan A. Good ([email protected]) Senior Information Engineer Consultant 13 May 2008 Learn how to build Web services in PHP using the PHP Development Tools plug-in in Eclipse Europa. Become familiar with the PDT project, and learn how to create and deploy useful PHP projects, learn about the philosophy behind contract-first development, and understand the basic parts that make up a Web Services Description Language (WSDL) file. Section 1. Before you start About this tutorial This tutorial shows how to build Web services in PHP using the PHP Development Tools (PDT) plug-in. The PDT project was unveiled in September 2007 and was followed by V1.0.2 in January 2008. The PDT project provides first-class abilities to edit, debug, and deploy PHP applications in the Eclipse IDE. Objectives This tutorial has three main objectives. The first is to become familiar with the PDT project, and learn how to create and deploy useful PHP projects. The second is to learn about the philosophy behind contract-first development. Third, this tutorial Build Web services with PHP in Eclipse © Copyright IBM Corporation 1994, 2008. All rights reserved. Page 1 of 26 developerWorks® ibm.com/developerWorks serves as an informative overview of the basic parts that make up a WSDL file. Prerequisites You should have experience with PHP development. System requirements To get the most out of this tutorial, you need to install Eclipse Europa and the PDT plug-in. You must also install the Eclipse Web Standard Tools (WST) subproject.
    [Show full text]
  • Developing Java™ Web Applications
    ECLIPSE WEB TOOLS PLATFORM the eclipse series SERIES EDITORS Erich Gamma ■ Lee Nackman ■ John Wiegand Eclipse is a universal tool platform, an open extensible integrated development envi- ronment (IDE) for anything and nothing in particular. Eclipse represents one of the most exciting initiatives hatched from the world of application development in a long time, and it has the considerable support of the leading companies and organ- izations in the technology sector. Eclipse is gaining widespread acceptance in both the commercial and academic arenas. The Eclipse Series from Addison-Wesley is the definitive series of books dedicated to the Eclipse platform. Books in the series promise to bring you the key technical information you need to analyze Eclipse, high-quality insight into this powerful technology, and the practical advice you need to build tools to support this evolu- tionary Open Source platform. Leading experts Erich Gamma, Lee Nackman, and John Wiegand are the series editors. Titles in the Eclipse Series John Arthorne and Chris Laffra Official Eclipse 3.0 FAQs 0-321-26838-5 Frank Budinsky, David Steinberg, Ed Merks, Ray Ellersick, and Timothy J. Grose Eclipse Modeling Framework 0-131-42542-0 David Carlson Eclipse Distilled 0-321-28815-7 Eric Clayberg and Dan Rubel Eclipse: Building Commercial-Quality Plug-Ins, Second Edition 0-321-42672-X Adrian Colyer,Andy Clement, George Harley, and Matthew Webster Eclipse AspectJ:Aspect-Oriented Programming with AspectJ and the Eclipse AspectJ Development Tools 0-321-24587-3 Erich Gamma and
    [Show full text]
  • Developing PHP Applications for IBM Database Servers
    Front cover Developing PHP Applications for IBM Data Servers Develop and deploy Web solutions using PHP and IBM data servers See PHP with DB2, Informix IDS, and Cloudscape examples Port PHP applications from MySQL to DB2 Whei-Jen Chen Holger Kirstein Daniel Krook Kiran H Nair Piotr Pietrzak ibm.com/redbooks International Technical Support Organization Developing PHP Applications for IBM Data Servers May 2006 SG24-7218-00 Note: Before using this information and the product it supports, read the information in “Notices” on page xi. First Edition (May 2006) This edition applies to DB2 UDB Version 8.2, Informix IDS Version 10, PHP Versions 4 and 5, Apache 1.3, and Apache 2. © Copyright International Business Machines Corporation 2006. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Figures . vii Tables . ix Notices . xi Trademarks . xii Preface . xiii The team that wrote this redbook. xiii Acknowledgement. xv Become a published author . xvi Comments welcome. xvi Chapter 1. Technology overview . 1 1.1 Web application environment . 2 1.1.1 Web application advantages . 2 1.1.2 Web application challenges . 3 1.1.3 The state of the Web application world . 4 1.1.4 Web application components . 4 1.2 IBM data servers . 5 1.2.1 DB2 data server . 5 1.2.2 Informix database server family . 8 1.2.3 Cloudscape . 10 1.3 HTTP Servers . 11 1.3.1 Apache HTTP Server . 12 1.3.2 IBM HTTP Server . 15 1.3.3 Which Web server do I choose? .
    [Show full text]
  • Develop and Maintain Code Faster Find & Solve Problems Quickly
    The leading professional-grade PHP development environment Features at a Glance Zend Studio maximizes developer productivity by enabling you to develop and maintain code faster, solve application problems more quickly, and improve team collaboration. Powerful Code Editor Based on the Eclipse PHP Developers Tools (PDT) project led by Zend, Zend Studio Easy Code Navigation offers all the development capabilities required by professional PHP developers as well as a plethora of plug-ins that enable you to extend and customize your Zend Framework Integration environment. PHP Code Generation Develop and Maintain Code Faster Zend Server Integration Create high-quality code quickly with a host of powerful features including: Advanced Debugging • Syntax highlighting, code folding, code completion, code formatter • In-place code refactoring, PHPUnit Testing variable/method extraction • Semantic analysis and quick fix Database and SQL Tools suggestions Team Collaboration • Tight integration with Zend Framework Support for Agile Development • Code generation using the Zend Framework Zend_Tool Technical Support • Reuse Java code through Zend Server’s Java Bridge • Write and run queries for all popular databases Find & Solve Problems Quickly Easily detect and pinpoint problems during development, testing, and after the application is deployed to the production environment: • View performance and functional issues detected by Zend Server from within the Zend Studio user interface • Reproduce and debug any problem detected in the test lab or in the production
    [Show full text]
  • PHP: Kick-Off
    PHP: Kick-off PHP: Kick-off Mohammad Yaqub [email protected] Your safety is important . Where is the fire exit? . Beware of hazards Tripping over bags and coats . Please tell us if anything does not work . Let us know if you have any other concerns 2 Your comfort is important . The toilets are along the corridor just outside the teaching rooms . The rest area is where you registered; it has vending machines and a water cooler . The seats at the computers are adjustable . You can adjust the monitors for height, tilt and brightness 3 Prerequisites • Programming concepts course • HTML To see any web page HTML/CSS/JS code • CSS Right click and click View Source • Client-side scripts (e.g., JavaScript) • Server-side scripts (e.g., PHP) 4 What are we going to do today? • Exploring small example programs • Based on principles in Programming Concepts course • Working in pairs • Discussion encouraged (feedback very desirable) • We will use Eclipse as an editor • We will use XAMPP as a webserver XAMPP & Eclipse • Eclipse is a free editor which can be used to write HTML, CSS, JavaScript, PHP, etc. After Installation you need to download “PHP Development Tools” PDT as follows: • Open Eclipse and go to Help-> Install New Software • Change “Work with” All available sites • Type PDT in the filter • Choose PHP Development Tools from the Programming languages option • Click Next to continue and finish installation • XAMPP is a free web server. It is a software package that allows the integration of PHP, MySQL and Perl into one distribution •
    [Show full text]
  • Mastering EOS Release 1.0
    Mastering EOS Release 1.0 Sean Fisk and Ira Woodring May 12, 2015 CONTENTS 1 Introduction 3 1.1 Physical Access (Keycards) ....................................... 3 1.2 Computer Access (Credentials) ..................................... 3 2 Rules and Procedures 5 2.1 Disk Space ................................................ 5 2.2 Copyrighted Material ........................................... 5 2.3 Food and Drink .............................................. 6 2.4 Overnight Parking ............................................ 6 2.5 Living in the Lab ............................................. 6 2.6 Malicious Activity ............................................ 6 2.7 Games .................................................. 6 3 Using the Command Line 7 3.1 Command-Line Basics .......................................... 7 3.2 Available Shells ............................................. 7 3.3 Interactive Shell Use ........................................... 10 3.4 Shell Scripting .............................................. 24 4 Remote Access (SSH/VNC) 27 4.1 Inter-EOS SSH .............................................. 27 4.2 Microsoft Windows ........................................... 28 4.3 Mac OS X ................................................ 36 4.4 GNU/Linux ................................................ 49 5 User-level Software Installation 65 5.1 The Standard Hierarchy ......................................... 65 5.2 Manual Installation ............................................ 66 5.3 Linuxbrew ...............................................
    [Show full text]
  • Easy Development of Web Applications Using Webodra2 and a Dedicated IDE
    International Journal on Advances in Internet Technology, vol 6 no 3 & 4, year 2013, http://www.iariajournals.org/internet_technology/ 156 Easy Development of Web Applications using WebODRA2 and a Dedicated IDE Mariusz Trzaska Chair of Software Engineering Polish-Japanese Institute of Information Technology Warsaw, Poland [email protected] Abstract - The modern Web requires new ways for creating proposed to solve or reduce the problem. In particular, applications. We present our approach combining a web following Trzaska [2], the solution could use a single model framework with a modern object-oriented database and a both for the business logic and data. dedicated Integrated Development Environment (IDE). It Aside of frameworks, one of the most popular software, makes it easier to develop web applications by rising the level of widely utilized by programmers, is an Integrated abstraction. In contrast to many existing solutions, where the Development Environment (IDE). Various IDEs are on the business logic is developed in an object-oriented programming scene for many years. They provide many different services language and data is stored and processed in a relational system, and are invaluable help during software development. At the our proposal employs a single programming and query basic level they just support a programming language. language. Such a solution, together with flexible routing rules, However, their real power can be experienced when they have creates a coherent ecosystem and, as an additional benefit, reduces the impedance mismatch. Our research is supported by dedicated functionalities for particular frameworks. Similarly a working prototype of the IDE and a web framework for our to the situations with the frameworks, prototype solutions are own object-oriented database management system.
    [Show full text]
  • Pro+PHP+Refactoring.Pdf
    Pro PHP Refactoring ■ ■ ■ Francesco Trucchia and Jacopo Romei [email protected] Pro PHP Refactoring Copyright © 2010 by Francesco Trucchia and Jacopo Romei All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN-13 (pbk): 978-1-4302-2727-4 ISBN-13 (electronic): 978-1-4302-2728-1 Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1 Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. President and Publisher: Paul Manning Lead Editor: Michelle Lowman Technical Reviewer: Aaron Saray Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, Matthew Moodie, Duncan Parkes, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh Coordinating Editor: Anita Castro Copy Editor: Mary Ann Fugate Compositor: Mary Sudul Indexer: Julie Grady Artist: April Milne Cover Designer: Anna Ishchenko Distributed to the book trade worldwide by Springer Science+Business Media, LLC., 233 Spring Street, 6th Floor, New York, NY 10013.
    [Show full text]
  • Debugging PHP Using Eclipse and PDT Use Xdebug Or Zend Debugger to Boost Your Productivity When Fixing Bugs in PHP Applications
    Debugging PHP using Eclipse and PDT Use XDebug or Zend Debugger to boost your productivity when fixing bugs in PHP applications Skill Level: Intermediate Nathan A. Good ([email protected]) Senior Information Engineer Consultant 17 Jun 2008 The PHP Development Tools (PDT) plug-in, when installed with Eclipse Europa, gives you that ability to quickly write and debug PHP scripts and pages. PDT supports two debugging tools: XDebug and the Zend Debugger. Learn how to configure PDT for debugging PHP scripts and discover which perspectives you use when taking closer looks at your scripts. Section 1. Before you start About this tutorial This tutorial demonstrates how to configure the PHP Development Tools (PDT) plug-in for Eclipse to debug your PHP scripts. It also introduces the perspectives you'll use (namely, PHP Debug) when taking closer looks at your PHP scripts. Objectives After completing this tutorial, you'll be able to set up either XDebug — an open source project that allows you to debug executable scripts and scripts running on a Web server — or the Zend Debugger in Eclipse using the PDT project to develop Debugging PHP using Eclipse and PDT © Copyright IBM Corporation 1994, 2008. All rights reserved. Page 1 of 35 developerWorks® ibm.com/developerWorks PHP applications. You'll understand the various parts of the PDT project's PHP Debug perspective and learn how to set up, view, and work with breakpoints. You also learn how to inspect the values of variables as you are stepping through the code, as well as how to debug PHP Web applications on your local server so you can run through your PHP Web application with the debugger.
    [Show full text]