[Web source code audit methods] Audit skills and tools
2022-07-05 03:36:00 【Black zone (rise)】
1. Audit situations:
1.1 Source code:
The source usually comes without a complete build and test environment and lacks key dependent components, so it is often impossible to build a running program.
In general, only static analysis can be used for the audit.
1.2 Binary programs:
Examples: APK, EXE, jar packages, IoT system firmware, etc.
The audit is usually carried out through dynamic analysis and reverse engineering.
1.3 Source code and binary programs:
This gives the auditor the most favorable access. The target is usually open source software that includes a complete build environment and dependencies.
1.4 Complete black box:
Only blind testing through external interfaces is possible (the more common situation).
2. Influencing factors:
2.1 Code language:
Memory-unsafe languages such as C/C++ require more attention to low-level details.
For memory-safe languages such as Java and Python, more attention goes to the implementation of upper-layer logic.
2.2 Code style:
Clean, tidy, clearly commented projects usually take less time to audit than other projects.
3. Audit approaches
3.1 Backtracking parameter passing from sensitive keywords
Most vulnerabilities are caused by improper use of functions.
Searching for the corresponding sensitive keywords quickly surfaces the vulnerabilities being sought: the search is targeted, efficient and high-quality.
However, because the code is not read through and the overall architecture of the program is not understood in depth, locating and exploiting vulnerabilities takes time, and logic vulnerabilities cannot be covered.
3.2 Interface analysis
Find the controllable variables and the functions they reach, then track the variable passing process forward.
Starting from data entry points, such as function parameters and environment variables, look for security vulnerabilities that can be triggered by malicious input.
3.3 Modeling sensitive function points
Search block by block according to function points.
File upload function, payment function ...
Restore the module's behavior by modeling its abstract behavior, and look for potential logic and functional vulnerabilities.
3.4 Key code in the full text
Function set files: public function files, found by opening index.php or by looking through some functional files.
Configuration files: generally contain the keyword config and hold configuration options, database settings and other configuration information.
Security filter files: generally contain keywords such as filter, safe and check.
Index file: the program entry; use it to understand the architecture of the whole program, its running process and the files it includes.
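As an added example (not code from the original post or from any audit tool), the script below applies the file triage described in 3.4 to a constructed project: it follows literal include/require statements outward from index.php and labels each file by the name keywords listed above. The file layout, the `triage` and `role_of` names, and the function-set keywords are assumptions made for this illustration.

```python
import posixpath
import re

# Static include/require with a literal path; variable paths are not resolved.
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]")
# File-name keywords per role. config/filter/safe/check/index come from the text above;
# the "function set" keywords are an assumption made for this example.
ROLES = (("config", ("config",)), ("security filter", ("filter", "safe", "check")),
         ("entry point", ("index",)), ("function set", ("function", "func", "common")))

# Constructed project layout (path -> file content), not a real application.
FILES = {
    "index.php": "<?php\nrequire_once 'inc/config.inc.php';\n"
                 "require_once('inc/common.func.php');\ninclude 'news.php';\n",
    "inc/config.inc.php": "<?php\n$dbhost = 'localhost';\n",
    "inc/common.func.php": "<?php\nrequire_once 'safe_check.php';\n",
    "inc/safe_check.php": "<?php\nfunction clean($v) { return addslashes($v); }\n",
    "news.php": "<?php\ninclude 'inc/config.inc.php';\n",
    "admin/upload.php": "<?php\n// reachable only by direct request\n",
}

def role_of(path):
    """Label a file by the first keyword group found in its base name."""
    name = posixpath.basename(path).lower()
    return next((role for role, keys in ROLES if any(k in name for k in keys)), "other")

def triage(files, entry="index.php"):
    """Return (reading order from the entry file with roles, files never included)."""
    order, queue = [], [entry]
    while queue:
        path = queue.pop(0)
        if path in order or path not in files:
            continue
        order.append(path)
        for target in INCLUDE_RE.findall(files[path]):
            # Assumption: relative paths resolve against the including file's directory.
            queue.append(posixpath.normpath(posixpath.join(posixpath.dirname(path), target)))
    unreached = sorted(set(files) - set(order))
    return [(p, role_of(p)) for p in order], unreached

if __name__ == "__main__":
    order, unreached = triage(FILES)
    for path, role in order:
        print("%-22s %s" % (path, role))
    print("not included from index.php:", unreached)
```

Files that are never included from the entry point, such as the constructed admin/upload.php, are separate entry points and need their own pass.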
3.5 Restoring security boundaries
By analyzing all security-related validation and checking code, restore the security boundary preset by the developer or security architect.
Then audit the restored security boundary further and build a threat model of actual attacks.
4. Small source code
The amount of code is generally small, so it is relatively easy to find vulnerabilities.
4.1 Audit steps:
(1) Input points: find each input point.
(2) Protective measures: find the filter applied to the input and try to bypass it.
(3) Function vulnerabilities: find the function that handles the input and check it for vulnerabilities.
(4) Exploitation: find the vulnerability and make the best use of it.
5. Large source code
These audits usually target CMS-type frameworks; the main problem is quickly locating vulnerabilities in a large amount of code.
5.1 Audit steps:
(1) Look for hazard functions
(2) Trace back up to find usable input points
(3) Bypass the filtering on the input points
(4) Construct input that triggers the vulnerability
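The search-then-trace-back procedure from 3.1 and from steps (1) and (2) of 5.1, as an added example that is not part of the original post or of Seay/RIPS: it finds hazard-function calls in PHP source, follows their arguments upward through assignments to a request superglobal, and lists filter functions seen on the path so a reviewer can judge them. The sink and filter lists, the function names and the sample PHP are assumptions constructed for this example; the trace is line-based, single-file and over-approximates.

```python
import re

# Hazard functions to search for: an illustrative subset chosen for this example.
SINKS = ("eval", "system", "exec", "mysql_query", "unserialize")
SINK_RE = re.compile(r"\b(%s)\s*\((.*)\)" % "|".join(SINKS))
SOURCE_RE = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST|FILES)\b")
VAR_RE = re.compile(r"\$(?!_(?:GET|POST|COOKIE|REQUEST|FILES)\b)[A-Za-z_]\w*")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*\.?=(?!=)\s*(.*);")
FILTER_RE = re.compile(r"\b(intval|addslashes|htmlspecialchars|escapeshellarg)\s*\(")

# Constructed sample input, not taken from any real project.
SAMPLE = """<?php
$id = $_GET['id'];
$page = intval($_POST['page']);
$sql = "SELECT * FROM news WHERE id=" . $id;
$res = mysql_query($sql);
$res2 = mysql_query("SELECT * FROM news LIMIT " . $page);
$dir = "/var/www/uploads";
system("ls " . $dir);
"""

def trace_back(expr, before, lines):
    """Line numbers linking expr to request input, or None if none is reached."""
    if SOURCE_RE.search(expr):
        return []
    for var in VAR_RE.findall(expr):
        for i in range(before - 1, -1, -1):  # every earlier assignment to var
            m = ASSIGN_RE.match(lines[i])
            if m and m.group(1) == var:
                path = trace_back(m.group(2), i, lines)
                if path is not None:
                    return [i + 1] + path
    return None

def audit(php_source):
    """One finding per hazard-function call: (line, sink, path, filters on path)."""
    lines, findings = php_source.splitlines(), []
    for n, line in enumerate(lines):
        m = SINK_RE.search(line)
        if m:
            path = trace_back(m.group(2), n, lines)
            on_path = [] if path is None else [n + 1] + path
            filters = sorted({f for i in on_path for f in FILTER_RE.findall(lines[i - 1])})
            findings.append((n + 1, m.group(1), path, filters))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding with a path and no filter is the first candidate for manual review; a path of None means no request input was reached within this file.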
6. Audit tools
6.1 Seay source code audit system
Download:
Link: https://pan.baidu.com/s/1H51ez9BrYohDP4hXHJLReA?pwd=bgz1
Extraction code: bgz1
6.2 RIPS
Link: https://pan.baidu.com/s/14RWI64sU8LU-z9qUeVUzBg?pwd=yot6
Extraction code: yot6