Building Viruses in PHP
The common saying goes u201cYou have to think like a crook to catch a crooku201d, so lets put ourselves in our adversaryu2019s shoes. We are going to (theoretically) infect the well-crafted code of the PHP Joburg Meetup group. What are we after and how will we do it? In this presentation Iu2019ll first build a simple threat model of the kind of attacker and virus most commonly targeting our web applications. Then Iu2019ll use our favourite programming language to build said virus in a series of demos. In the (paraphrased) words of Thanos: u201cIu2019ll use the PHP to destroy the PHPu201d ;-) Through this weu2019ll cover how, despite rigorously coding with sane security measures, our code may still get infected, but by glimpsing the mindset of our adversary, youu2019ll leave with a fresh perspective that will improve the security of the code you write going forward. At the very least, youu2019ll be better armed to fix the next pwned CMS you encounter.
★
★
★
★
★
246 views • 22 slides
