BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.cccv.de//congress/2024/fahrplan//PYGMMA
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-38c3-MAUBFS@cfp.cccv.de
DTSTART;TZID=CET:20241227T160000
DTEND;TZID=CET:20241227T170000
DESCRIPTION:PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web App
 lications\n\nFuzz testing is an automated approach to vulnerability discov
 ery. Coverage-guided fuzz testing has been extensively researched in binar
 y applications and the domain of memory corruption vulnerabilities.\nHowev
 er\, many web vulnerability scanners still rely on black-box fuzzing (e.g.
 \, predefined sets of payloads or basic heuristics)\, which severely limit
 s their vulnerability detection capabilities.\nIn this talk\, we present o
 ur academic fuzzing framework\, "PHUZZ\," and the challenges we faced in b
 ringing coverage-guided fuzzing to PHP web applications. Our experiments s
 how that PHUZZ outperforms related works and state-of-the-art vulnerabilit
 y scanners in discovering seven different vulnerability classes.\nAddition
 ally\, we demonstrate how PHUZZ uncovered over 20 potential security issue
 s and two 0-day vulnerabilities in a large-scale fuzzing campaign of the m
 ost popular WordPress plugins.
DTSTAMP:20241227T122309Z
LOCATION:Saal ZIGZAG
SUMMARY:What the PHUZZ?! Finding 0-days in Web Applications with Coverage-g
 uided Fuzzing - Sebastian Neef (gehaxelt)
URL:https://fahrplan.events.ccc.de/congress/2024/fahrplan/talk/MAUBFS/
END:VEVENT
END:VCALENDAR