Vulnerability discovery in encrypted closed source PHP applications
|
06-10-2012, 05:57 AM
(This post was last modified: 06-10-2012 06:00 AM by jaap1123.)
Post: #1
|
|||
|
|||
Vulnerability discovery in encrypted closed source PHP applications
Speaker: Stefan Esser Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too. This talk will show how different PHP (bytecode-)encryptions work, how the original bytecode can be recovered, how vulnerability discovery can still be performed with only the bytecode available and how feasible PHP bytecode decompilation is. |
|||
06-10-2012, 06:20 AM
Post: #2
|
|||
|
|||
RE: Vulnerability discovery in encrypted closed source PHP applications
it's too old.
Security Audit, Web Development, PHP & JavaScript Decoding & Deobfuscation, Debugging, Bug Fixing, Reverse Engineering |
|||
06-27-2012, 02:19 PM
Post: #3
|
|||
|
|||
RE: Vulnerability discovery in encrypted closed source PHP applications
Many developers encode scripts to hide bad coding.
|
|||
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 1 Guest(s)