Two weeks after the Month of PHP Security closes Stefan Esser will teach an advanced PHP security course at the SyScan Singapore security conference. The course will cover advanced techniques to audit PHP applications for security problems at source code and bytecode level. Don’t miss your chance to learn howto find PHP application security vulnerabilities from our PHP security expert himself.
Advanced PHP Auditing at Source and Bytecode level
This course will teach students advanced methods and techniques for PHP applications audits at source code and at bytecode level. The students will get to know the most common PHP security problems and how to find them at source code and bytecode level. Throughout the course several free and open source software tools will be introduced and used in order to visualize application structure, find security problems with static and dynamic analysis on source code and bytecode level and also to break PHP bytecode encryption.
Student Pre-requisite:
Ability to read, understand and develop PHP code.
Software Requirement:
Required software will be delivered in form of a VMWARE Ubuntu Linux installation.
Hardware Requirement:
Laptop Computer
Course Outline:
Source Code Auditing
——————–
Introduction to PHP Source Code Audits
- What to look for
- How to look for it
Common and lesser known Vulnerabilities
- How they look like
- How to find them
Visualization Techniques
- Code Coverage
- Callgraphs
- Classgraphs
- Function Traces
Static vs. Dynamic Analysis
Tools
- Grep + regular expressions
- Xdebug
- Bytesuite
- Dot / yEd
Bytecode Level Auditing
———————–
Introduction to the Zend Engine
Instruction Set of the Zend Engine/PHP Bytecode
- Important PHP Bytecode instructions
- How PHP Vulnerabilities look at Bytecode Level
PHP Bytecode Visualization
- Code Coverage at Bytecode level
- Callgraphs
- Code Flow Graphs
- Classgraphs
PHP Bytecode Encryptors
- How they work
- Weaknesses
- Decryption
PHP Bytecode Decompilation
Static and Dynamic Analysis
- Collecting variable types
- PHP Tainted Mode
- Data flow analysis
Tools
- Dot / yEd
- Xdebug
- Vld
- Bytekit
- Bytesuite
- PHPDecompiler
