Detection, protection, evolution et test de defaillances a l'aide d'un modele inter-procedural simple

Automated tools can be helpful for doing maintenance tasks on computer software. Many kinds of tools are available for doing so; in this study we concentrate on four kinds of tools that are: detection tools, evolution tools, corrective tools and testing tools. In this thesis we study those four kinds of tools in the perspective of doing maintenance related to SQL-injections vulnerabilities in applications written in PHP. We propose to use static analysis, dynamic analysis, source code reengineering and a genetic algorithm for doing theses tasks. An inter-procedural model of the PHP source code is built for detecting SQL-injections vulnerabilities. A model of legitimate SQL queries is built by using static analysis and dynamic analysis; this model is used in an automated source code reengineering that implement an automated protection against SQL-injections vulnerabilities. An approach to automatically generate targeted testing cases by using a genetic algorithm is also presented. A case study using theses approaches have been done. We have used phpBB that is a software known for the abundance of SQL-injection vulnerabilities. An experimentation using the approach of inter-procedural static analysis has detected vulnerabilities in phpBB v2.0.0. These results have been reproduced using model checking instead of static analysis in the objective of gaining more confidence in both static analysis and model checking approaches. Also, 31 versions of phpBB have been used for studying the evolution of SQL-injections vulnerabilities. Finally, a genetic algorithm is used to automatically generate targeted testing cases. This last experimentation has been done on the DB2 database SQL query optimizer, results show that the genetic algorithm is faster then a random generator to generate targeted testing cases.