Vulnerability discovery in encrypted closed source PHP applications

Stefan Esser

Playlists: '25c3' videos starting here / audio / related events

Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.

Download

Related

Embed

Share:

Tags