
Breakpoint Security Podcast
Breakpoint: 'Exploring the depths of Defensive Security'. The defensive side of security is a world in itself, with teams achieving amazing feats that involve excellent engineering practices and smart optimisation for scale. This is not talked about enough in the industry. Join me in the br3akp0int podcast as we reflect on the methods and approaches these smart teams use to solve practical challenges in information security and innovate their way into the future.

Who is this meant for? This podcast is for anyone in InfoSec willing to know more about advances in security techniques. This includes security researchers or professionals, product owners, compliance or cloud, AI/ML, threat intel, SecOps automation, security leaders, development teams, pentesters and security practitioners.

A bit about me: I am a technical security enthusiast and have been dabbling in both offensive and defensive security. I am passionate about growing security communities and have spoken and trained at various security conferences.
S04EP01 | Zero Day Playbook with Coverage-Guided PHP Fuzzing | Sebastian Neef
Ever wonder how zero-day vulnerabilities in your favorite websites get uncovered? Our guest today is diving into a game-changing technique: coverage-guided fuzzing for PHP web apps! Forget slow scanners; we're talking about finding critical bugs before the bad guys do.
Guest: Sebastian Neef, PhD at the Technical University of Berlin, at the Chair for Security in Telecommunications
In this segment, we explore PHUZZ, an open-source tool that's shaking up web application security testing. Our guest explains how this innovative approach outperforms traditional vulnerability scanners like BurpSuite, ZAP, and WFuzz in pinpointing crucial flaws like SQLi, RCE, XXE, and XSS. We'll delve into the technical hurdles of applying coverage-guided fuzzing to the dynamic nature of web applications and how PHUZZ's clever function hooking and vulnerability detection uncovered over 20 potential security issues and even 2 CVEs in popular WordPress plugins. This is the future of proactive web security, finding those elusive zero-day exploits with the power of intelligent automation.
Recommended reading/viewing for practitioners:
- https://www.sebastian-neef.de/
- Coverage guided Fuzzing
If you'd like to see more like this, please subscribe to Breakpoint on YouTube!
Please share with others in the community. It always means a lot!
Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com
Buzz me on Twitter or LinkedIn. Connect with me on:
- Twitter: @NeeluTripathy
- LinkedIn: @neelutripathy