Security Module for PHP7 - Killing Bugclasses and Virtual-Patching the Rest

44CON Information Security Conference via YouTube

Overview

Explore a conference talk from 44CON 2018 on developing Snuffleupagus, an open-source PHP security module designed to address vulnerabilities in PHP7 applications. Learn about passive bug class elimination, virtual-patching techniques, and how this module improves upon the aging Suhosin. Discover methods for implementing precise, false-positive-free, and low-overhead security measures without modifying application code. Gain insights into PHP-specific security challenges, remote administration, granular patching, and strategies for preventing common vulnerabilities like XSS and remote code execution. Understand the module's performance implications and future development plans, including workshop opportunities and documentation resources.

Syllabus

Intro
PHP internal code
Remote administration
elephant
chaching
granular patching
virtual machine
extra parameter
value stream
kill vulnerability
stealing XSS
cookies
unsterilized
remote code execution
remote boot
R documentation
XXE
CV
Support values
File manipulation
bug tracker
comparison
PHP madness
No Passport
Strict Mode
ReadOnly Detection
Dump Rules
MySQL query
Performance
Going forward
Workshop
Documentation
PHP
Thank you

Taught by

44CON Information Security Conference
