Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Learn about FlowFusion, a groundbreaking automatic fuzzing framework designed to detect memory errors in the PHP interpreter through this Distinguished Paper Award-winning conference presentation. Discover how this innovative approach addresses a critical gap in PHP security research by focusing on interpreter-level vulnerabilities rather than just application-level issues. Explore the technical methodology behind FlowFusion's dataflow fusion technique, which merges multiple test cases to create more complex code semantics for comprehensive testing. Understand the framework's multi-pronged strategy incorporating test mutation, interface fuzzing, and environment crossover to maximize bug detection capabilities. Examine the impressive evaluation results showing FlowFusion's discovery of 158 previously unknown bugs in the PHP interpreter, with 125 successfully fixed and 11 confirmed by developers. Compare FlowFusion's performance against existing testing methods, including the official PHP test suite, naive concatenation approaches, and state-of-the-art fuzzers like AFL++ and Polyglot, demonstrating 24% greater code coverage after 24 hours of testing. Gain insights into why memory errors in PHP interpreters pose significant risks to web server security and how FlowFusion's integration into the official PHP toolchain represents a major advancement in interpreter security testing.
