Slides for “Vulnerability Discovery in Closed Source/Encrypted PHP Applications”

December 30th, 2008 | by Stefan Esser

Two days ago I presented my session about bytecode encrypted PHP applications and how to find vulnerabilities in them at 25C3. I didn’t upload the slides until now, because I got ill during the night after my talk and therefore spent most of yesterday in my hotel room. But here are the slides.

Session: Vulnerability Discovery in Closed Source/Encrypted PHP Applications

Security audits of PHP applications are usually performed on a source code basis. However, sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used, source code analysis is no longer possible, and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques that rely on hooks fail, too.

3 Responses to “Slides for “Vulnerability Discovery in Closed Source/Encrypted PHP Applications””

By Sven on Dec 19, 2009

So, where is my bottle of soju? I’m coming to 26c3, so we could handle that there.

2 Trackback(s)

  1. Jan 5, 2009: PHTML Encoder Pro vs. Ioncube PHP Encoder - PHPUGFFM - PHP User Group Frankfurt am Main
  2. Feb 13, 2009: PHP Verschlüsseln und Entschlüsseln - Seite 2 - php.de
