Ever wonder how zero-day vulnerabilities in your favorite websites get uncovered? Our guest today is diving into a game-changing technique: coverage-guided fuzzing for PHP web apps! Forget slow scanners; we're talking about finding critical bugs before the bad guys do.

Guest: Sebastian Neef, PhD at the Technical University of Berlin, at the Chair for Security in Telecommunications

In this segment, we explore PHUZZ, an open-source tool that's shaking up web application security testing. Our guest explains how this innovative approach outperforms traditional vulnerability scanners like BurpSuite, ZAP, and WFuzz in pinpointing crucial flaws like SQLi, RCE, XXE, and XSS. We'll delve into the technical hurdles of applying coverage-guided fuzzing to the dynamic nature of web applications and how PHUZZ's clever function hooking and vulnerability detection uncovered over 20 potential security issues and even 2 CVEs in popular WordPress plugins. This is the future of proactive web security, finding those elusive zero-day exploits with the power of intelligent automation.

Recommended reading/viewing for practitioners:

• https://www.sebastian-neef.de/
• Coverage guided Fuzzing
  
  --
  Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
  Audio on Buzzsprout: https://breakpoint.buzzsprout.com

If you like to see more like this, please Subscribe to BreakpointYoutube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy