S04EP01 | Zero Day Playbook with Coverage-Guided PHP Fuzzing | Sebastian Neef

Ever wonder how zero-day vulnerabilities in your favorite websites get uncovered? Our guest today is diving into a game-changing technique: coverage-guided fuzzing for PHP web apps! Forget slow scanners; we're talking about finding critical bugs before the bad guys do.Guest: Sebastian Neef, PhD at the Technical University of Berlin, at the Chair for Security in TelecommunicationsIn this segment, we explore PHUZZ, an open-source tool that's shaking up web application security testing. Our guest explains how this innovative approach outperforms traditional vulnerability scanners like BurpSuite, ZAP, and WFuzz in pinpointing crucial flaws like SQLi, RCE, XXE, and XSS. We'll delve into the technical hurdles of applying coverage-guided fuzzing to the dynamic nature of web applications and how PHUZZ's clever function hooking and vulnerability detection uncovered over 20 potential security issues and even 2 CVEs in popular WordPress plugins. This is the future of proactive web security, finding those elusive zero-day exploits with the power of intelligent automation.Recommended reading/viewing for practitioners:https://www.sebastian-neef.de/Coverage guided FuzzingIf you like to see more like this, please Subscribe to Breakpoint Youtube! Please Share with others in the community. It always means a lot!Follow us on LinkedIn: @breakpoint-security-podcastAudio on Buzzsprout: https://breakpoint.buzzsprout.comBuzz me on Twitter or LinkedIn Connect with me on -Twitter: @NeeluTripathy LinkedIn: @neelutripathy