Vulnerability discovery in encrypted closed source PHP applications
- Type
- Audio
- Tags
- PHP, vulnerability, web application
- Authors
- Stefan Esser
- Event
- Chaos Communication Congress 25th (25C3) 2008
- Indexed on
- Mar 27, 2013
- URL
- http://ftp.ccc.de/congress/25c3/audio_only/25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.mp3
- File name
- 25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.mp3
- File size
- 27.4 MB
- MD5
- 7782a7b4e6ef21922d4988a6b627dbc1
- SHA1
- 269c345ad51946de9dfedf47b0c71540553549e7
Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
