AppSec USA 2016 has ended
Thursday, October 13 • 10:00am - 10:10am
Lightning Talk - Automated Gadget Chain Generation for Object Injections

Object injection vulnerabilities account for the most sophisticated attacks against web applications today. They occur when an attacker is able to modify the unified string representation of an object that is passed to the application. By injecting a specifically crafted object, the attacker can trigger the execution of existing code fragments, so-called gadgets. Depending on the application's source code and programming language, different gadget chains are possible that can lead to diverse security issues, such as remote code execution. Due to the code complexity and size of today's applications, finding all possible gadget combinations is a difficult task. This lightning talk will present new static code analysis techniques for the automated detection of PHP object injection vulnerabilities and the automated generation of gadget chains.

Speakers
Hendrik Buchwald

CSO, RIPS Technologies
Hendrik Buchwald is a computer science graduate from the Ruhr University Bochum and a professional software engineer. He is co-founder and the CSO of RIPS Technologies, a Bochum-based IT security company with a focus on code analysis solutions for web applications.


Thursday October 13, 2016 10:00am - 10:10am EDT
Room C