Static Code Analysis of Complex PHP Application Vulnerabilities
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore static code analysis techniques for identifying complex PHP application vulnerabilities in this 40-minute conference talk from AppSecEU 2016 in Rome. Delve into challenges, approach overviews, and advanced concepts such as first-order and second-order security vulnerabilities. Learn about simulation, object-oriented analysis, security mechanisms, context-sensitive change analysis, persistent data store detection, and gadget chain detection. Gain insights into property-oriented programming, object injection, and methods for detecting gadget chains. Conclude with a comprehensive understanding of static code analysis for PHP applications and participate in a Q&A session.
Syllabus
Introduction
Outline
About me
Research timeline
Why PHP
The problem
Static Code Analysis
Challenges
Approach Overview
Simulation
Object-Oriented Analysis
First Order Security Vulnerabilities
Security Mechanisms
Context Sensitive Change Analysis
Study Paper
Demo
Second Order Security Vulnerabilities
Persistent Data Store Detection
Gadget Chain Detection
Property-Oriented Programming
Object Injection
Detect Gadget Chains
Conclusion
Questions
Taught by
OWASP Foundation
Related Courses
Secure Android App Development (University of Southampton via FutureLearn)
DevSecOps: Building a Secure Continuous Delivery Pipeline (LinkedIn Learning)
Microsoft DevOps Solutions: Developing Security and Compliance (Pluralsight)
Using Security Analysis Tools to Protect ASP.NET and ASP.NET Core Applications (Pluralsight)
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub (Pluralsight)