BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar

•

0 recomendaciones•1,335 vistas

Shellmates

Tecnología

PHP STATIC CODE ANALISYS
Belakhdar Abdeldjalil

1

Show the code

● Simple php script
● Few pages
● Few code lines

2

Find the bug

Try to find it manually ?

3

Find the bug

How about Php tokenizer ?

7

Find the bug

Rips and taint analysis

9

Find the bug

Php tokenizer in action with Rips

10

Demo

Rips is not the miracle answer

14

In the end

● Php tokenizer is a big help
● Rips make it easier
● Not the best way for object oriented (mvc) project

15

Questions Now ?

Or later by email
riemann@opendz.org

17

Más contenido relacionado

La actualidad más candente

How not program in cCassiano Campes

Managing frontend libs in your php projectMassimiliano Arione

Managing frontend libs in your Symfony projectMassimiliano Arione

Testing tdd jasminePhilipp Fehre

Lessons for developers - long editionPieter Joost van de Sande

Kotlin vs Java • Bapusaheb Patil • TechieAid TalkBapusaheb Patil

Tetuan Valley Startup School - Guest mentor Angel Luis Quesada (Kubide)Luis Rivera

La actualidad más candente (7)

How not program in c

Managing frontend libs in your php project

Managing frontend libs in your Symfony project

Testing tdd jasmine

Lessons for developers - long edition

Kotlin vs Java • Bapusaheb Patil • TechieAid Talk

Tetuan Valley Startup School - Guest mentor Angel Luis Quesada (Kubide)

Destacado

Dynamic PHP web-application analysisax330d

RIPS - static code analyzer for vulnerabilities in PHPSorina Chirilă

Night of the Long KnivesDHUMPHREYS

Static Analysis of PHP Code – IPC Berlin 2016Rouven Weßling

XSSの評価基準とRIPSプラグイン的なものを作ったyamaguchi_2048

PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...Rouven Weßling

ニューラルネットワークによる音声の分類yamaguchi_2048

Modern Static Code Analysis in PHPVladimir Reznichenko

Social Intelligence 2.0.comsulter

Php in the graph (Gremlin 3)Damien Seguy

Review unknown code with static analysis - bredaphpDamien Seguy

Static analysis saved my code tonightDamien Seguy

當六脈神劍遇上 PhpStormOomusou Xiao

The Night of the Long Knivesjeffmarshall

Destacado (14)

Dynamic PHP web-application analysis

RIPS - static code analyzer for vulnerabilities in PHP

Night of the Long Knives

Static Analysis of PHP Code – IPC Berlin 2016

XSSの評価基準とRIPSプラグイン的なものを作った

PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...

ニューラルネットワークによる音声の分類

Modern Static Code Analysis in PHP

Social Intelligence 2.0

Php in the graph (Gremlin 3)

Review unknown code with static analysis - bredaphp

Static analysis saved my code tonight

當六脈神劍遇上 PhpStorm

The Night of the Long Knives

Similar a BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar

Php mythsKapil Sharma

Enterprise PHP (php|works 2008)Ivo Jansch

Dynamic Languages In The Enterprise (4developers march 2009)Ivo Jansch

The road to php 7.1Michelangelo van Dam

WeActuallyBuildStuff - Extreme Programming LiveJohannes Brodwall

Code reviews - Leave your ego at the doorFrank Sons

Php Development Best Practicesphandungtienvn

Dev presentationDavid Ford

Enterprise PHP Development - ZendCon 2008Ivo Jansch

DPC2007 Objects Of Desire (Kevlin Henney)dpc

Spoilers fosdem-2013Riccardo Bernardini

En Route To Industry: Tips on Transferring from College into IndustryDoreen Hakimi

The 7 Sins of Software Engineers in HEPIoannis Baltopoulos

PHP, Under The Hood - DPCAnthony Ferrara

Phpworks enterprise-php-1227605806710884-9PrinceGuru MS

Web Application Testing. A Quick Guide to Testing and SecurityThe Software House

Agile Programming Live - AgilePrague2012Johannes Brodwall

top developer mistakes Hanokh Aloni

Similar a BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar (18)

Php myths

Enterprise PHP (php|works 2008)

Dynamic Languages In The Enterprise (4developers march 2009)

The road to php 7.1

WeActuallyBuildStuff - Extreme Programming Live

Code reviews - Leave your ego at the door

Php Development Best Practices

Dev presentation

Enterprise PHP Development - ZendCon 2008

DPC2007 Objects Of Desire (Kevlin Henney)

Spoilers fosdem-2013

En Route To Industry: Tips on Transferring from College into Industry

The 7 Sins of Software Engineers in HEP

PHP, Under The Hood - DPC

Phpworks enterprise-php-1227605806710884-9

Web Application Testing. A Quick Guide to Testing and Security

Agile Programming Live - AgilePrague2012

top developer mistakes

Más de Shellmates

Cryptography basicsShellmates

HTML basics Shellmates

Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15Shellmates

Atelier Python 2eme partie par Achraf Kacimi El HassaniShellmates

JavaScript 1.0 by Zakaria SmahiShellmates

Introduction à Python - Achraf Kacimi El HassaniShellmates

BSides Algiers - Stuxnet - Sofiane TalmatShellmates

BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniShellmates

BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerShellmates

BSides Algiers - Reversing Win32 applications - Yacine HebbalShellmates

BSides Algiers - Nmap Scripting Engine - Hani BenhabilesShellmates

BSides Algiers - Normes ISO 2700x - Badis RemliShellmates

BSides Algiers - Metasploit framework - Oussama ElhamerShellmates

BSides Algiers - Certification Electronique - Lilia OuniniShellmates

BSides algiers - Malware History - Sofiane TalmatShellmates

Más de Shellmates (15)

Cryptography basics

HTML basics

Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15

Atelier Python 2eme partie par Achraf Kacimi El Hassani

JavaScript 1.0 by Zakaria Smahi

Introduction à Python - Achraf Kacimi El Hassani

BSides Algiers - Stuxnet - Sofiane Talmat

BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni

BSides Algiers - Layer7 DoS Attacks - Oussama Elhamer

BSides Algiers - Reversing Win32 applications - Yacine Hebbal

BSides Algiers - Nmap Scripting Engine - Hani Benhabiles

BSides Algiers - Normes ISO 2700x - Badis Remli

BSides Algiers - Metasploit framework - Oussama Elhamer

BSides Algiers - Certification Electronique - Lilia Ounini

BSides algiers - Malware History - Sofiane Talmat

Último

Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services

Exploring Multimodal Embeddings with MilvusZilliz

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea

CNIC Information System with Pakdata Cf In Pakistandanishmna97

FWD Group - Insurer Innovation Award 2024The Digital Insurer

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays

Why Teams call analytics are critical to your entire businesspanagenda

Understanding the FAA Part 107 License ..Christopher Logan Kennedy

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney

DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software

Corporate and higher education May webinar.pptxRustici Software

DBX First Quarter 2024 Investor PresentationDropbox

MS Copilot expands with MS Graph connectorsNanddeep Nachan

AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin

Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea