25c3_mp3 Logo

Vulnerability discovery in encrypted closed source PHP applications

Veröffentlicht am: 28.12.2008, 16:00 Uhr
Präsentation vom: 28.12.2008, 16:00 Uhr

Autor: Stefan Esser

Abstract: Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.

Speakers: Stefan Esser
Language: en
Date: 2008-12-28
Time: 16:00
Room: Saal 1

More information...