Vulnerability discovery in encrypted closed source PHP applications
Original File: 25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.mp4 |
About: Vulnerability discovery in encrypted closed source PHP applications | Report Broken File | embed video
About: Vulnerability discovery in encrypted closed source PHP applications | Report Broken File | embed video
Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.
Persons:- Stefan Esser
