OSWE Prep: Finding and Exploiting Bugs in PHP Source Code

By Patrick Smith
Source code review is often included as a phase of penetration testing engagements to identify the damage an insider armed with code could cause. The security researcher tries to think like a malicious insider and identify code weaknesses that can be used to launch an attack. Learning the required mindset and skills takes dedication and patience.

That's why I decided, in the course of pursuing OSWE certification, to create a short guide for new security researchers on how to look for certain PHP vulnerabilities. That sounds simple enough, right?

Well, my modest proposal turned into a 90+-page guide, Finding and Exploiting Bugs in PHP Source Code, that Anvil is releasing today. It covers SQL injection, PHP type juggling, and client-side vulnerabilities, and is filled with screenshots and code snippets. The guide demonstrates how to prepare for a source code review, discover vulnerabilities, and exploit those vulnerabilities. Along the way, it provides insight into the attacker mindset.

The guide can be viewed here: Finding and Exploiting Bugs in PHP Source Code

About the Author

Patrick Smith is a Security Engineer at Anvil. He specializes in application penetration testing, particularly in cloud environments. He has a passion for learning; he regularly spends time looking for new ways to approach security problems. Prior to joining Anvil, Patrick studied Computer Science at the University of West Florida and co-founded a cybersecurity startup.

This is Patrick's most ambitious writing project to date. If you are interested in joining a team that encourages all team members to pursue research and learning opportunities, provides support for content development, and publishes results on the company platform, check out Anvil's Careers page.
