Snuffleupagus: killing bug classes and virtual patching the rest
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Select next subtitles | C |
Select next audio track | A |
Show slide in full page or toggle automatic source change | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | shift + comma |
Increase playback rate | shift + dot or shift + semicolon |
Seek to end | end |
Seek to beginning | beginning |
Share this media
Download links
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Suhosin is a great php module, but unfortunately, it’s getting old, new ways have been found to compromise php applications, and some aren’t working anymore; and it doesn’t play well with the shiny new php7.
As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) php security model, that provides several features that we needed, like passively killing several php-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications’ code.
https://github.com/nbs-system/snuffleupagus
Julien ‘jvoisin’ Voisin
Julien used to pwn and reverse things while contributing to radare2, he nowadays focus on protecting web applications while keeping his own bugs alive on websec.fr and writing stuff on dustri.org.
Thibault ‘bui’ Koechlin
Thibault used to write exploits for fun, he’s now CISO at NBS System, writing the naxsiWAF to prevent web pwning.
Simon ‘piké’ Magnin-Feysot
Simon is a pretty cool guy.
Other media in the channel "2018"
- 112 views, 5 this yearGlassfish from (IN)Secure adminJuly 6th, 2018
- 161 views, 2 this yearShadow on the Wall - Risks and Flaws with ShadowsocksJuly 6th, 2018
- 57 views, 1 this yearOpen Hardware for (software) offensive securityJuly 6th, 2018
- 48 viewsFreedom Fighting Mode - Open Source Hacking HarnessJuly 6th, 2018
- 78 views, 2 this yearExpl-iot: IoT Security Testing FrameworkJuly 6th, 2018
- 23 viewsIo(M)T Security: A year in reviewJuly 6th, 2018