Talk in English - UK at PHP UK Conference
Track Name: Walbrook
Short URL: https://joind.in/talk/4060e
All programming languages have their foundations: the engine that interprets your code and makes everything run. In PHP, this is the Zend Engine, a critical piece of software that powers millions of applications worldwide. When everything works, you don't even think about it. You deploy to production, and the engine does its magic behind the scenes.
But what happens when something goes wrong in that core? What if a subtle bug opens the door to a full security breach? Suddenly, the invisible foundation becomes the most important part of the story.
Let's shine a light on two such cases: a recent, real vulnerability in the PHP engine (which has since been patched), and a backdoor that, just a few years ago, actually made it into the release candidate and allowed remote code execution. We'll walk through how each issue could be exploited and, most importantly, what lessons developers can draw from them. And yes, there will be live, local, sandboxed demos of both exploits in action. Ready to dive in?
Comments
Good choice of exploits for live demos, both of which were interesting and clearly explained, with good takeaways for what to think about in security audits. I would like to see still more examples; perhaps the introductory stuff at the beginning could have been cut shorter to allow room for a third demo.
Great insights into the nature of security vulnerabilities in PHP