Vulnerability discovery in encrypted closed source PHP applications
Veröffentlicht am: 28.12.2008, 16:00 Uhr
Präsentation vom: 28.12.2008, 16:00 Uhr
Autor: Stefan Esser
Abstract: Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.
Speakers: Stefan Esser
Room: Saal 1