Finding Zero-Day Vulnerabilities in Web Applications with Coverage-Guided Fuzzing - PHUZZ Framework
media.ccc.de via YouTube
Overview
Explore coverage-guided fuzzing for PHP web applications in this one-hour conference talk from the 38th Chaos Communication Congress (38C3). Learn about PHUZZ, an academic fuzzing framework that outperforms traditional black-box vulnerability scanners in detecting web vulnerabilities. Discover how coverage-guided fuzzing, traditionally used for finding memory corruption bugs in binary applications, can be effectively applied to web application security testing. Understand the technical challenges of implementing coverage-guided fuzzing for web applications and see how PHUZZ successfully detects various vulnerability classes including SQLi, RCE, XSS, XXE, open redirection, insecure deserialization, and path traversal. Follow along as the framework's capabilities are demonstrated through real-world examples, including the discovery of over 20 potential security issues and two 0-day vulnerabilities in popular WordPress plugins. Gain insights into automated vulnerability discovery methods that offer a more cost-effective alternative to traditional security testing approaches like penetration testing and source code reviews.
Syllabus
38C3 - What the PHUZZ?! Finding 0-days in Web Applications with Coverage-guided Fuzzing
Taught by
media.ccc.de