38C3

Sebastian Neef (gehaxelt)

Sebastian Neef (aka @gehaxelt) has been involved in IT security and hacking since his early teens. While others were playing computer games, he was more interested in hacking them. During high school, he discovered bug bounty programs and quickly began to appear in several halls of fame, even reaching the Top 10 of Bugcrowd at the time.

Nowadays, he continues to pursue his PhD at the Technical University of Berlin, at the Chair for Security in Telecommunications, focusing his research on web and network security. In his spare time, he likes to play and organize CTFs as part of ENOFLAG, or do IT security freelance work.

Session

12-27
16:00
60min
What the PHUZZ?! Finding 0-days in Web Applications with Coverage-guided Fuzzing
Sebastian Neef (gehaxelt)

PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web Applications

Fuzz testing is an automated approach to vulnerability discovery. Coverage-guided fuzz testing has been extensively researched in binary applications and the domain of memory corruption vulnerabilities.
However, many web vulnerability scanners still rely on black-box fuzzing (e.g., predefined sets of payloads or basic heuristics), which severely limits their vulnerability detection capabilities.
In this talk, we present our academic fuzzing framework, "PHUZZ," and the challenges we faced in bringing coverage-guided fuzzing to PHP web applications. Our experiments show that PHUZZ outperforms related work and state-of-the-art vulnerability scanners in discovering seven different vulnerability classes.
Additionally, we demonstrate how PHUZZ uncovered over 20 potential security issues and two 0-day vulnerabilities in a large-scale fuzzing campaign of the most popular WordPress plugins.

Security
Saal ZIGZAG