BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
Shellmates
1. PHP Static Code Analysis
   Belakhdar Abdeldjalil
2. Show the code
   ● Simple PHP script
   ● Few pages
   ● Few code lines
3. Find the bug: Try to find it manually?
4. Are there better ways to do it?
5. Find the bug: How about grep?
6. Are there better ways to do it?
7. Find the bug: How about the PHP tokenizer?
8. Find the bug: RIPS is in the party
9. Find the bug: RIPS and taint analysis
10. Find the bug: PHP tokenizer in action with RIPS
11. Demo: Try RIPS on RIPS
12. Demo: Try RIPS on WordPress plugins
13. Demo: Try RIPS on a Yii app
14. Demo: RIPS is not the miracle answer
15. In the end
   ● The PHP tokenizer is a big help
   ● RIPS makes it easier
   ● Not the best way for object-oriented (MVC) projects
16. Thanks
17. Questions? Now, or later by email: riemann@opendz.org