Using Z-Ray for lightning fast security analysis

Martin Bednorz (16.Oct.2018 at 16:00, 1 hr)
Talk at ZendCon & OpenEnterprise 2018 (English - US)


With the ever-growing threat of data and compliance breaches, the security of web applications and APIs is business critical. Z-Ray provides PHP application developers with fine-grained insights about page requests, warnings and errors, events, and database queries. It can be integrated into Zend Server or used standalone for efficient debugging. Until now, however, Z-Ray has not tracked the data flow for security-related issues. In this talk, we present our integration of automated security analysis into Z-Ray.

We use the deep insights provided by Z-Ray to greatly speed up and simplify a static code analysis process. Due to the reduced analysis time, it can be used during development and testing of single components without the need to analyze the complete code base. At the same time, detected security bugs can be easily verified with one click by combining the collected information about the web requests and the results of a context-sensitive security analysis. We will cover technical insights about how Z-Ray can be extended, the basics of static code analysis, and how both technologies can be combined into a new plugin that allows on-the-fly bug detection and verification.
