4 owasp egypt_12_4_2014_ebrahim_hegazy

Transcript

  • 1. OWASP: Yahoo Zero-Day Vulnerability - Code Point of View. Ebrahim Hegazy, @Zigoo0, Cyber Security Analyst @Q-CERT, Ehegazy@qcert.org. 12 April 2014. The OWASP Foundation, http://www.owasp.org. Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
  • 2. OWASP 2 Not this type of bugs!
  • 3. OWASP Nor even This type Of hunting!
  • 4. OWASP
  • 5. OWASP 1- Bug Bounty Programs. 2- Remote Code Execution Vulnerability 3- Live Example – WebPwn3r 4- Demo Videos
  • 6. OWASP Bug Bounty Programs https://bugcrowd.com/list-of-bug-bounty-programs/
  • 7. OWASP Remote Code Execution Vulnerability: Simply put, PHPCE occurs when user-supplied (GET/POST) parameter values are reflected inside the eval() function. This vulnerability allows attackers to execute PHP code such as {echo system("id")} or any other PHP function/code.
  • 8. OWASP Eval
  • 9. OWASP Live Example – WebPwn3r
  • 10. OWASP 4- Demo Videos
  • 11. OWASP
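
The pattern slide 7 describes, shown next to an eval()-free form, as an added example that is not from the original slides or from any Yahoo code. The function names, the `expr`/`op`/`a`/`b` parameters and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// VULNERABLE, the pattern slide 7 describes: a request value is concatenated
// into eval(), so the PHP parser treats user input as code.
function compute_vulnerable(array $request)
{
    return eval('return ' . ($request['expr'] ?? '0') . ';');
}

// HARDENED: no eval(). The client names an operation from a fixed allow-list
// and supplies operands that must validate as numbers; input stays data.
function compute_hardened(array $request)
{
    $ops = [
        'add' => fn(float $a, float $b): float => $a + $b,
        'sub' => fn(float $a, float $b): float => $a - $b,
        'mul' => fn(float $a, float $b): float => $a * $b,
    ];
    $op = $request['op'] ?? '';
    if (!is_string($op) || !array_key_exists($op, $ops)) {
        throw new InvalidArgumentException('unknown operation');
    }
    $a = filter_var($request['a'] ?? null, FILTER_VALIDATE_FLOAT);
    $b = filter_var($request['b'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($a === false || $b === false) {
        throw new InvalidArgumentException('operands must be numeric');
    }
    return $ops[$op]($a, $b);
}

// Constructed inputs standing in for $_GET / $_POST.
var_dump(compute_vulnerable(['expr' => '2+3']));          // arithmetic, as the developer intended
var_dump(compute_vulnerable(['expr' => 'phpversion()'])); // the input ran as a function call

var_dump(compute_hardened(['op' => 'add', 'a' => '2', 'b' => '3']));
try {
    // The same kind of input is now only an unknown key, never parsed as PHP.
    compute_hardened(['op' => 'phpversion()', 'a' => '2', 'b' => '3']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The hardened form changes the interface instead of filtering the expression: once no request value reaches eval(), there is nothing left to escape or blacklist.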
