11:45 - 12:45
PHP is the most popular server-side language on the Web and the most favored language for Web attacks. A single security vulnerability in a widespread open-source PHP application can be used to compromise thousands of server installations. But how bad is the security state of open source applications and plugins today? This talk covers common and quirky security issues and mistakes detected lately. We introduce static analysis techniques for the automated detection of these complex issues and a summary of the most prevalent risks and pitfalls that should be avoided in your application.