The PHP security landscape has evolved a lot since its first steps 24 years ago: well-known dangerous code patterns of last year are already outdated, and new exploitation techniques flourish regularly.
This talk aims to present the most common "modern" vulnerabilities in PHP applications, along with their associated risks: SSRF, SSTI, arbitrary instantiation, disabled_functions / open_basedir bypasses, bugs in the language's engine, framework specifics and pitfalls, etc.
Although the vulnerabilities presented are not specific to PHP, using a single language as the basis for the talk makes it possible to illustrate every concept described with real-life examples.