How to Find more Vulnerabilities — Source Code Auditing Explained

Introduction

Whitebox penetration testing, especially for complex web applications, can be daunting due to the vast amount of code and interconnections between various components. Breaking down the application into manageable pieces is an effective strategy for systematic analysis.

Methodology Overview

The methodology begins with familiarizing oneself with the application:

  1. Identify the technology stack: Understand the programming language, templating engine, database, etc.
  2. Map the application: Use commands like tree -L 3 for an overview.
  3. Read documentation and explore the application: This helps develop a holistic understanding and relate findings to the application’s use.

Approaches to Penetration Testing

  1. Sources and Sinks:
    • Source: Entry points for user input (e.g., form inputs, query parameters).
    • Sink: Where the user input is used, potentially leading to vulnerabilities (e.g., SQL injection points).
  2. Bottom-Up Approach:
    • Start with sinks and trace back to the sources.
    • Use regular expressions to locate specific sinks.
    • This approach can be tedious but is effective for finding high-severity vulnerabilities.
  3. Top-Down Approach:
    • Start with sources and trace to sinks.
    • Use regular expressions to identify sources.
    • This approach is effective for finding more accessible but typically less severe vulnerabilities.
  4. Functionality-Based Approach:
    • Break down the application by functionality.
    • Focus on specific functionalities, particularly those that can be used without authentication, to find vulnerabilities.

Tooling

  • Regular Expressions and Semgrep: Useful for identifying sources and sinks.
  • Static Application Security Testing (SAST) Tools: Examples include SpectralOps, Checkmarx, and Veracode. These tools can identify vulnerabilities within the CI/CD pipeline.
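The approaches listed above (sources and sinks, bottom-up, top-down) and the regex tooling just mentioned can be demonstrated in one small script. The following is an added example, not code from the article or from any of the tools it names: a regex-based source/sink scanner over a constructed, hypothetical PHP snippet. The source, sink and sanitizer patterns are assumptions chosen for the sample; a real audit would extend them for the stack identified in the first step of the methodology. The top-down pass lists every source hit, the bottom-up pass starts at each sink and walks back through assignments inside the same function to decide whether user input reaches it without a sanitizer.

```python
import re

# Constructed sample (hypothetical PHP code written for this example, not from the article).
SAMPLE_PHP = """\
<?php
function find_user($db) {
    $name = $_GET['name'];
    $q = "SELECT * FROM users WHERE name = '" . $name . "'";
    return mysqli_query($db, $q);
}
function show_profile() {
    $bio = htmlspecialchars($_POST['bio']);
    echo $bio;
}
function log_event($db) {
    $safe = mysqli_real_escape_string($db, $_POST['msg']);
    mysqli_query($db, "INSERT INTO log VALUES ('$safe')");
}
"""

# Assumed patterns: PHP superglobals as sources, a few dangerous calls as sinks,
# and two escaping functions as sanitizers. Extend these per technology stack.
SOURCE_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\[")
SINK_RE = re.compile(r"\b(mysqli_query|echo|eval|system)\b")
SANITIZER_RE = re.compile(r"\b(htmlspecialchars|mysqli_real_escape_string|intval)\s*\(")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.*);\s*$")
# Ordinary variables only; the superglobal sources are matched separately.
VAR_RE = re.compile(r"\$(?!_(?:GET|POST|REQUEST|COOKIE)\b)\w+")
FUNC_RE = re.compile(r"^\s*function\s+\w+")


def find_matches(code, regex):
    """Return (1-based line number, stripped line) for every line the regex hits."""
    return [(n, line.strip()) for n, line in enumerate(code.splitlines(), 1) if regex.search(line)]


def find_sources(code):
    """Top-down starting points: every line that reads user-controlled input."""
    return find_matches(code, SOURCE_RE)


def find_sinks(code):
    """Bottom-up starting points: every line that calls a dangerous function."""
    return find_matches(code, SINK_RE)


def trace_sink(lines, sink_idx):
    """Walk backwards from a sink (0-based index) within its function, following assignments.

    Returns "tainted" if a source feeds the sink with no sanitizer on the path,
    "sanitized" if the only source-derived values passed through a sanitizer,
    and "clean" if no source was found (e.g. the value is a parameter or constant).
    """
    pending = set(VAR_RE.findall(lines[sink_idx]))  # variables the sink consumes
    seen = set()
    sanitized = False
    for line in reversed(lines[:sink_idx]):
        if FUNC_RE.match(line):
            break  # reached the enclosing function header; intra-procedural only
        m = ASSIGN_RE.match(line)
        if not m or m.group(1) not in pending:
            continue
        var, expr = m.groups()
        pending.discard(var)
        seen.add(var)
        if SANITIZER_RE.search(expr):
            sanitized = True  # value passes through a sanitizer; stop following it
            continue
        if SOURCE_RE.search(expr):
            return "tainted"  # user input reaches the sink unescaped
        pending |= set(VAR_RE.findall(expr)) - seen  # keep tracing the inputs of this expression
    return "sanitized" if sanitized else "clean"


def audit(code):
    """Bottom-up pass: one (line number, verdict) per sink."""
    lines = code.splitlines()
    results = []
    for n, _ in find_sinks(code):
        line = lines[n - 1]
        if SOURCE_RE.search(line):  # source used directly in the sink call
            verdict = "sanitized" if SANITIZER_RE.search(line) else "tainted"
        else:
            verdict = trace_sink(lines, n - 1)
        results.append((n, verdict))
    return results


if __name__ == "__main__":
    print("Top-down: sources")
    for n, text in find_sources(SAMPLE_PHP):
        print(f"  line {n}: {text}")
    print("Bottom-up: sinks")
    for n, verdict in audit(SAMPLE_PHP):
        print(f"  line {n}: {verdict}")
```

Only the first sink (the string-concatenated query in `find_user`) is reported as tainted; the other two are reached through a sanitizer. The limits of this line-by-line regex approach are exactly what drives people to Semgrep or a SAST product: it does not see multi-line statements, values flowing across function calls, or a sanitizer applied to a variable that was already escaped elsewhere, so a regex pass is best treated as a way to find starting points for manual tracing rather than as a verdict.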

Conclusion

Different approaches to static analysis will impact the types and likelihood of finding exploitable vulnerabilities. Experimenting with and combining different methods can lead to the best results.

Full story: https://hacklido.com/blog/810-how-to-find-more-vulnerabilities-source-code-auditing-explained