Finding 0-days in Web Applications with Coverage-guided Fuzzing

media.ccc.de via YouTube

Overview

Discover how coverage-guided fuzzing can revolutionize web application security in this 38C3 conference talk that introduces PHUZZ, an innovative framework for finding vulnerabilities in PHP web applications. Learn about the limitations of traditional black-box fuzzing methods and how PHUZZ overcomes these challenges to outperform state-of-the-art vulnerability scanners. Explore the technical implementation details of applying coverage-guided fuzzing to web applications and see real-world results from experiments where PHUZZ uncovered over 20 potential security issues and two 0-day vulnerabilities in popular WordPress plugins. The presentation covers detection capabilities for seven different vulnerability classes including SQLi, RCE, XSS, XXE, open redirection, insecure deserialization, and path traversal. Based on academic research published in "What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications," this talk demonstrates how automated approaches can provide cost-effective and efficient vulnerability discovery compared to traditional methods like penetration testing and code reviews.

Syllabus

38C3 - What the PHUZZ?! Finding 0-days in Web Applications with Coverage-guided Fuzzing

Taught by

media.ccc.de
