Overview
Explore static code analysis techniques for identifying complex PHP application vulnerabilities in this 40-minute conference talk from AppSecEU 2016 in Rome. Delve into challenges, approach overviews, and advanced concepts such as first-order and second-order security vulnerabilities. Learn about simulation, object-oriented analysis, security mechanisms, context-sensitive change analysis, persistent data store detection, and gadget chain detection. Gain insights into property-oriented programming, object injection, and methods for detecting gadget chains. Conclude with a comprehensive understanding of static code analysis for PHP applications and participate in a Q&A session.
Syllabus
Introduction
Outline
About me
Research timeline
Why PHP
The problem
Static Code Analysis
Challenges
Approach Overview
Simulation
Object-Oriented Analysis
First-Order Security Vulnerabilities
Security Mechanisms
Context-Sensitive Change Analysis
Study Paper
Demo
Second-Order Security Vulnerabilities
Persistent Data Store Detection
Gadget Chain Detection
Property-Oriented Programming
Object Injection
Detect Gadget Chains
Conclusion
Questions
Taught by
OWASP Foundation