[web source code code code audit method] audit skills and tools
2022-07-05 03:36:00 【Black zone (rise)】
1、 Audit situations:
1.1、 Source code only:
Usually there is no complete build and test environment, and key dependencies are missing, so it is often impossible to build a running program.
Generally the audit can only be done by static analysis.
1.2、 Binary program only:
For example APK, EXE, jar packages, IoT system firmware, etc.
The audit is usually carried out through dynamic analysis and reverse engineering.
1.3、 Source code plus binary program:
The most favorable situation for an audit. The target is usually open source software and comes with a complete build environment and dependencies.
1.4、 Complete black box:
Blind testing can only be carried out through the external interfaces (the most common case).
2、 Factors that influence the audit:
2.1、 Code language:
Memory-unsafe languages such as C/C++ require more attention to low-level details;
memory-safe languages such as Java and Python require more attention to the implementation of the upper-layer logic.
2.2、 Code style:
Clean, tidy and clearly commented projects usually take less time to audit than others.
3、 Audit ideas
3.1、 Sensitive keyword search with backward tracing of parameters
Most vulnerabilities are caused by improper use of functions.
Searching for the corresponding sensitive keywords lets you quickly dig out the desired vulnerability class; the search is targeted, efficient and high-quality.
But because the code is not read through and the overall architecture of the program is not understood in depth, locating and exploiting a vulnerability takes time, and logic vulnerabilities are not covered at all.
3.2、 Interface analysis
Find the controllable variables and the functions that use them, and trace the variables forward through the passing process.
Data entry points such as function parameters, environment variables and so on; look for security vulnerabilities that malicious input can trigger.
3.3、 Modeling sensitive function points
Search in blocks according to function points: file upload, payment, ...
Restore the behavior of a module by modeling its abstract behavior, and look for potential logic and functional vulnerabilities.
3.4、 Key files for a full-text read
Function collection file: the file of public functions, found by opening index.php or some of the functional files.
Configuration file: generally contains the keyword config and holds configuration options, database settings and other configuration information.
Security filter files: generally contain keywords such as filter, safe, check.
Index file: the program entry; from it you understand the architecture of the whole program, its running flow and the files it includes.
3.5、 Restore the security boundaries
Check the code by analyzing all security-related checks.
Restore the security boundary preset by the developer or security architect, then audit that restored boundary further and build a threat model of realistic attacks.
4、 Small source code
The amount of code is generally small, so it is relatively easy to find vulnerabilities.
4.1、 Audit steps:
(1) Input points: find each input point.
(2) Protective measures: find the filtering applied to the input and try to bypass it.
(3) Functional vulnerabilities: find the functions that handle the input and check them for vulnerabilities.
(4) Exploitation: once the vulnerability is found, make the best use of it.
5、 Large source code
Usually a CMS-type framework is being audited; the main problem is how to quickly locate vulnerabilities in a large amount of code.
5.1、 Audit steps:
(1) Look for hazardous functions.
(2) Trace upward to find usable input points.
(3) Bypass the filtering on the input points.
(4) Construct the input that triggers the vulnerability.
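The keyword search of 3.1 and steps (1) and (2) above, as an added example that is not code from this post or from the Seay/RIPS tools: a small Python script that finds sensitive sink functions in PHP, walks each argument back through simple assignments to the request superglobals, and records whether a filter function such as addslashes or intval sits on the path. The sample PHP and the sink/filter lists are constructed for illustration and are deliberately incomplete.

```python
import re

# Constructed sample PHP (not from the page): two sinks fed by raw request input
# and one whose input passes through a filter function first.
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$q = "SELECT * FROM users WHERE id=" . $id;
mysql_query($q);
$f = $_REQUEST['file'];
include($f);
$safe = addslashes($_GET['s']);
mysql_query("SELECT 1 WHERE x='" . $safe . "'");
"""

SINKS = {  # sensitive functions the keyword search starts from, by vuln class
    "sqli": r"mysql_query|mysqli_query",
    "rce": r"eval|system|exec|shell_exec|passthru",
    "lfi": r"include|require|include_once|require_once",
}
SOURCES = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b")  # input points
FILTERS = ("intval", "addslashes", "htmlspecialchars", "mysql_real_escape_string")

def taint_of(expr, table, depth=0):
    """Backtrack expr through '$var = ...' assignments; return (reaches_input, filtered)."""
    if depth > 10:  # guard against self-referential assignments such as $a = $a . 'x'
        return False, False
    filtered = any(f + "(" in expr for f in FILTERS)
    if SOURCES.search(expr):
        return True, filtered
    for var in re.findall(r"\$\w+", expr):
        if var in table:
            reached, f = taint_of(table[var], table, depth + 1)
            if reached:
                return True, filtered or f
    return False, False

def audit(php):
    """Return (line, class, sink, filtered) for every sink that request input reaches."""
    table = dict(re.findall(r"^\s*(\$\w+)\s*=\s*(.+);", php, re.M))  # $var -> rhs
    findings = []
    for n, line in enumerate(php.splitlines(), 1):
        for cls, names in SINKS.items():
            m = re.search(r"\b(" + names + r")\b\s*\(?(.*)", line)
            if m:
                reached, filtered = taint_of(m.group(2), table)
                if reached:
                    findings.append((n, cls, m.group(1), filtered))
    return findings
```

Findings whose last field is False are the ones to review first; a True there only means some filter is on the path, not that the filter is the right one for that sink.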
6、 Audit tools
6.1、 Seay source code audit system
Download:
Link: https://pan.baidu.com/s/1H51ez9BrYohDP4hXHJLReA?pwd=bgz1
Extraction code: bgz1
6.2、 RIPS
Link: https://pan.baidu.com/s/14RWI64sU8LU-z9qUeVUzBg?pwd=yot6
Extraction code: yot6