💻
OSWE Everything

Manual code review


Last updated 5 months ago

IDE

When searching for vulnerabilities we need an IDE. You can use any application you like, but here we work with Visual Studio Code.

Helpful Visual Studio Code functionalities

A good IDE comes with a lot of useful features, and Visual Studio Code is no exception. The sections below cover some of the best capabilities of VSC when it comes to source code review.

Find All References

The first interesting feature of VSC is the ability to find all references to a function across the whole project.

Search in all files

With the Ctrl / Command + Shift + F combination you can open the global search, which finds the provided word in all files of the opened projects. Although it returns a lot of useless information, it can sometimes help in identifying interesting pieces of code in the application.

Regular expressions

Regular expressions are very useful when it comes to digging through the code. It is important to understand them in order to be efficient during code review.
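
As an added illustration (not part of the original page), the script below does what a regex-enabled global search does during review: it runs a few patterns over every line of every file and reports where to look. The rule names, the patterns and the two PHP sample files are constructed for this example, and a match only marks a line worth reading, not a confirmed bug.

```python
import re

# Constructed sample sources (not from any real application).
SAMPLE_FILES = {
    "login.php": (
        "<?php\n"
        "$user = $_POST['user'];\n"
        "$q = \"SELECT * FROM users WHERE name = '\" . $user . \"'\";\n"
        "if ($row['token'] == $_GET['token']) { grant(); }\n"
    ),
    "report.php": (
        "<?php\n"
        "$stmt = $db->prepare('SELECT * FROM reports WHERE id = ?');\n"
        "if ($role === 'admin') { show(); }\n"
    ),
}

# Hypothetical review rules (assumptions of this example).
RULES = {
    # SQL keyword followed by a string that is concatenated with a PHP variable
    "sql-concat": re.compile(
        r"(?i)\b(select|insert|update|delete)\b.*[\"']\s*\.\s*\$\w+"),
    # Loose comparison (== or !=); strict === and !== are excluded
    "loose-compare": re.compile(r"(?<![=!])(==|!=)(?!=)"),
    # Request-controlled input entering the code
    "user-input": re.compile(r"\$_(GET|POST|COOKIE|REQUEST)\b"),
}


def scan(files, rules=RULES):
    """Return (file, line_number, rule_name) for every line a rule matches."""
    hits = []
    for name, text in sorted(files.items()):
        for no, line in enumerate(text.splitlines(), start=1):
            for rule, rx in rules.items():
                if rx.search(line):
                    hits.append((name, no, rule))
    return hits


if __name__ == "__main__":
    for name, no, rule in scan(SAMPLE_FILES):
        print(f"{name}:{no}: {rule}")
```

The prepared statement and the strict comparison in `report.php` produce no hits, which is the noise reduction a targeted pattern gives over a plain word search.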