Static Code Analysis of Complex PHP Application Vulnerabilities

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!

Grab it

Explore static code analysis techniques for identifying complex PHP application vulnerabilities in this 40-minute conference talk from AppSecEU 2016 in Rome. Delve into challenges, approach overviews, and advanced concepts such as first-order and second-order security vulnerabilities. Learn about simulation, object-oriented analysis, security mechanisms, context-sensitive change analysis, persistent data store detection, and gadget chain detection. Gain insights into property-oriented programming, object injection, and methods for detecting gadget chains. Conclude with a comprehensive understanding of static code analysis for PHP applications and participate in a Q&A session.

Syllabus

Introduction
Outline
About me
Research timeline
Why PHP
The problem
Static Code Analysis
Challenges
Approach Overview
Simulation
ObjectOriented Analysis
First Order Security Vulnerabilities
Security Mechanisms
Context Sensitive Change Analysis
Study Paper
Demo
Second Order Security Vulnerabilities
Persistent Data Store Detection
Gadget Chain Detection
PropertyOriented Programming
Object Injection
Detect Gadget Chains
Conclusion
Questions

Taught by

OWASP Foundation

Reviews

Start your review of Static Code Analysis of Complex PHP Application Vulnerabilities

Taught by

Application Security for Developers and DevOps Professionals

Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs

iOS App Integrity: Enhancing Security with Encrypted Code Modules

Never Stop Learning.