Security Module for PHP7 - Killing Bugclasses and Virtual-Patching the Rest
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore a conference talk from 44CON 2018 on developing Snuffleupagus, an open-source PHP security module designed to address vulnerabilities in PHP7 applications. Learn about passive bug class elimination, virtual-patching techniques, and how this module improves upon the aging Suhosin. Discover methods for implementing precise, false-positive-free, and low-overhead security measures without modifying application code. Gain insights into PHP-specific security challenges, remote administration, granular patching, and strategies for preventing common vulnerabilities like XSS and remote code execution. Understand the module's performance implications and future development plans, including workshop opportunities and documentation resources.
Syllabus
Intro
PHP internal code
Remote administration
elephant
chaching
granular patching
virtual machine
extra parameter
value stream
kill vulnerability
stealing XSS
cookies
unsterilized
remote code execution
remote boot
R documentation
XXE
CV
Support values
File manipulation
bug tracker
comparison
PHP madness
No Passport
Strict Mode
ReadOnly Detection
Dump Rules
My sequel query
Performance
Going forward
Workshop
Documentation
PHP
Thank you
Taught by
44CON Information Security Conference