Related Event: PHP Security Course – Advanced PHP Auditing at Source and Bytecode level

May 19th, 2010

Two weeks after the Month of PHP Security closes Stefan Esser will teach an advanced PHP security course at the SyScan Singapore security conference. The course will cover advanced techniques to audit PHP applications for security problems at source code and bytecode level. Don’t miss your chance to learn howto find PHP application security vulnerabilities from our PHP security expert himself.

SyScan Singapore 2010

Advanced PHP Auditing at Source and Bytecode level

This course will teach students advanced methods and techniques for PHP applications audits at source code and at bytecode level. The students will get to know the most common PHP security problems and how to find them at source code and bytecode level. Throughout the course several free and open source software tools will be introduced and used in order to visualize application structure, find security problems with static and dynamic analysis on source code and bytecode level and also to break PHP bytecode encryption.

Student Pre-requisite:

Ability to read, understand and develop PHP code.

Software Requirement:

Required software will be delivered in form of a VMWARE Ubuntu Linux installation.

Hardware Requirement:

Laptop Computer

Course Outline:

Source Code Auditing
Introduction to PHP Source Code Audits

  • What to look for
  • How to look for it

Common and lesser known Vulnerabilities

  • How they look like
  • How to find them

Visualization Techniques

  • Code Coverage
  • Callgraphs
  • Classgraphs
  • Function Traces

Static vs. Dynamic Analysis


  • Grep + regular expressions
  • Xdebug
  • Bytesuite
  • Dot / yEd

Bytecode Level Auditing
Introduction to the Zend Engine

Instruction Set of the Zend Engine/PHP Bytecode

  • Important PHP Bytecode instructions
  • How PHP Vulnerabilities look at Bytecode Level

PHP Bytecode Visualization

  • Code Coverage at Bytecode level
  • Callgraphs
  • Code Flow Graphs
  • Classgraphs

PHP Bytecode Encryptors

  • How they work
  • Weaknesses
  • Decryption

PHP Bytecode Decompilation

Static and Dynamic Analysis

  • Collecting variable types
  • PHP Tainted Mode
  • Data flow analysis


  • Dot / yEd
  • Xdebug
  • Vld
  • Bytekit
  • Bytesuite
  • PHPDecompiler

blog comments powered by Disqus