Sebastian Neef of the Technical University of Berlin presents PHUZZ, a coverage-guided fuzzing framework that uncovers zero-day vulnerabilities in PHP applications beyond traditional web scanners.
Web applications underpin critical online services, yet most automated security testing relies on black-box techniques that lack insight into server-side execution. A coverage-guided fuzzing approach tailored to PHP applications enables deeper visibility into code paths, error states and vulnerability triggers. By instrumenting applications at runtime and combining function hooking with intelligent input mutation, enterprises can expose flaws that traditional scanners miss.
Applied to widely deployed PHP ecosystems, the approach uncovered numerous previously unknown weaknesses, including exploitable flaws in popular WordPress plugins.
In this session, led by Sebastian Neef, Ph.D. candidate at the Technical University of Berlin, you will learn:
- Limitations of black-box testing for web applications;
- Adapting coverage-guided fuzzing to PHP environments;
- Runtime instrumentation and function hooking strategies.
Here is the course outline:
Finding Zero-Days in PHP Apps With Coverage-Guided Fuzzing
Completion
The following certificates are awarded when the course is completed:
CPE Credit Certificate
