Snuffleupagus: killing bug classes and virtual patching the rest
Information on this media
Number of views: 85 (this month: 1)
Creation date: July 3, 2018
License: CC BY-SA v4
Description
Suhosin is a great PHP module, but unfortunately it’s getting old: new ways have been found to compromise PHP applications, some aren’t working anymore, and it doesn’t play well with the shiny new PHP 7.
As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module that provides several features we needed: passively killing several PHP-specific bug classes, and implementing virtual patching at the PHP level, which allows vulnerabilities to be patched in a precise, false-positive-free, ultra-low-overhead way, without even touching the applications’ code.
https://github.com/nbs-system/snuffleupagus
Julien ‘jvoisin’ Voisin
Julien used to pwn and reverse things while contributing to radare2. Nowadays he focuses on protecting web applications while keeping his own bugs alive on websec.fr and writing stuff on dustri.org.
Thibault ‘bui’ Koechlin
Thibault used to write exploits for fun. He’s now CISO at NBS System, writing the naxsi WAF to prevent web pwning.
Simon ‘piké’ Magnin-Feysot
Simon is a pretty cool guy.