by firer 584 days ago
Fuzzing data flow separately from control flow is an interesting idea

I can believe that it dramatically speeds up finding certain bugs, but I doubt that it can reach a large class of complex vulnerabilities, which in the case of high value targets is probably all that's left.

The PHP interpreter isn't much of an interesting target, since it (usually) doesn't accept user input, even if it does power a significant part of the web.

For that reason, it's much less researched and still has low complexity bugs.

More robust interpreters such as JavaScript's V8 will probably fare much better against data-flow-only fuzzing. Bugs in V8 tend to combine both data flow and control flow [1].

[1] https://googleprojectzero.blogspot.com/2021/01/in-wild-serie...