Static Code Analysis of Complex PHP Application Vulnerabilities

OWASP Foundation via YouTube

Overview

Explore static code analysis techniques for identifying complex PHP application vulnerabilities in this 40-minute conference talk from AppSecEU 2016 in Rome. Delve into challenges, approach overviews, and advanced concepts such as first-order and second-order security vulnerabilities. Learn about simulation, object-oriented analysis, security mechanisms, context-sensitive change analysis, persistent data store detection, and gadget chain detection. Gain insights into property-oriented programming, object injection, and methods for detecting gadget chains. Conclude with a comprehensive understanding of static code analysis for PHP applications and participate in a Q&A session.

Syllabus

Introduction
Outline
About me
Research timeline
Why PHP
The problem
Static Code Analysis
Challenges
Approach Overview
Simulation
Object-Oriented Analysis
First Order Security Vulnerabilities
Security Mechanisms
Context Sensitive Change Analysis
Study Paper
Demo
Second Order Security Vulnerabilities
Persistent Data Store Detection
Gadget Chain Detection
Property-Oriented Programming
Object Injection
Detect Gadget Chains
Conclusion
Questions

Taught by

OWASP Foundation
