Searching for exploits

Introduction

Although many source code analysis tools are on the market, such as SonarQube, Checkmarx, and Fortify, their effectiveness depends heavily on how they are configured and integrated into the development workflow.

Even when the tools are configured perfectly, they can still miss crucial vulnerabilities and generate a large number of false positive findings. That is why we should rely mainly on manual security source code review skills.

Manual source code review advice

  • After reviewing unauthenticated areas, shift your focus to parts of the application that are typically less scrutinized, such as authenticated sections.

  • Examine how user input is sanitized. Is a trusted, open-source library utilized, or does the application rely on a custom implementation?

  • If the application interacts with a database, analyze how queries are constructed. Does it properly parameterize inputs, or does it merely sanitize them?

  • Evaluate the logic behind account creation and password reset or recovery processes. Is it possible to manipulate or exploit this functionality?

  • Determine if the application interacts with the underlying operating system. Can commands be altered or new ones injected?

  • Identify any vulnerabilities specific to the programming language being used.
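The input-sanitization, database-query and operating-system questions from the list above, turned into a runnable check a reviewer can keep beside the code under review. This is an added example, not code from the original page: the in-memory users table, the strip_quotes sanitizer and all function names are constructed for illustration. It contrasts the "merely sanitize" pattern with parameterized queries on both a numeric and a text column, and shows the argv-list form of calling an external program so the file name reaches the child as one argument.

```python
"""Added example (not from the original page): review questions turned into
runnable checks. Sample data and function names are constructed."""
import sqlite3
import subprocess
import sys


def make_sample_db():
    # Constructed in-memory table so the checks run offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return conn


def strip_quotes(value):
    """A typical custom 'sanitizer': removes quote characters and nothing
    else; the caller then concatenates the result into the SQL text."""
    return value.replace("'", "").replace('"', "")


def find_by_id_sanitized(conn, user_id):
    # Numeric column, no quoting: the sanitizer leaves the SQL structure
    # under the caller's control, so anything that is not a bare number
    # changes the meaning of the WHERE clause.
    sql = "SELECT id, name FROM users WHERE id = " + strip_quotes(user_id)
    return conn.execute(sql).fetchall()


def find_by_id_parameterized(conn, user_id):
    # The driver binds the value; the statement is fixed before any user
    # input is seen, so non-numeric input simply matches nothing.
    return conn.execute("SELECT id, name FROM users WHERE id = ?",
                        (user_id,)).fetchall()


def find_by_name_sanitized(conn, name):
    # Same sanitizer on a text column: legitimate data containing a quote
    # is silently altered, so the lookup fails for a real user.
    sql = "SELECT id, name FROM users WHERE name = '" + strip_quotes(name) + "'"
    return conn.execute(sql).fetchall()


def find_by_name_parameterized(conn, name):
    # Bound parameter: the quote in the name is data, not syntax.
    return conn.execute("SELECT id, name FROM users WHERE name = ?",
                        (name,)).fetchall()


def child_sees_argument(filename):
    """OS interaction done the safe way: an argv list and no shell, so the
    file name reaches the child process as a single argument regardless of
    spaces or shell metacharacters. The child here is just Python echoing
    argv[1]; in a real application it would be the tool being wrapped."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", filename],
        capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    conn = make_sample_db()
    print(find_by_id_sanitized(conn, "2"))              # [(2, 'bob')]
    print(find_by_id_sanitized(conn, "2 OR 1=1"))       # every row: structure changed
    print(find_by_id_parameterized(conn, "2 OR 1=1"))   # []: treated as a literal value
    print(find_by_name_sanitized(conn, "o'brien"))      # []: real user not found
    print(find_by_name_parameterized(conn, "o'brien"))  # [(3, "o'brien")]
    print(child_sees_argument("quarterly report; v2.txt"))
```

The two questions to carry back into the real code base are the ones these functions make visible: is the query text ever assembled from user input (even after a sanitizer), and does the process call pass a string to a shell rather than an argument list?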
