Tag Archives: Source Code Auditing Tips and Tricks

Things Everyone Should Do: Code Review

Nice blog post about code review. Most of his points ring true. When you audit a product, the first thing you have to face is criticism. http://scientopia.org/blogs/goodmath/2011/07/06/things-everyone-should-do-code-review/ At Google, no code, for any product, for any project, gets …

Posted in Code review experience

A fresh pair of eyes will tell you exactly what you missed

http://blog.vivekhaldar.com/post/20335710829/code-review-just-do-it It is so true that a “fresh pair of eyes” sees the code from a different perspective. Yes, code review will improve your code quality. Many times when we develop a module, we fill the code with many “TODO” …

Posted in Code review experience

Source Code Auditing – Candidate Point analysis – List of Regular Expression patterns

When we are tasked with a manual code audit of a large source code base, we get quick results if we start with candidate point analysis: using regular expression patterns to find the obvious issues first, before reading the code in depth. List …
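As an added example (not the blog's own pattern list or tooling), a small Python triage script that applies candidate-point patterns line by line and can walk a source tree. The patterns, extension mapping and sample sources below are assumptions made for this illustration; a real audit tunes them to the target's language, frameworks and naming conventions.

```python
"""Candidate point analysis: regex triage of a large code base.

Added example, not the blog's own pattern list or tool. The patterns below are
an illustrative starting set assumed for this example; a real audit tunes them
to the target's language, frameworks and naming conventions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path

# (compiled pattern, why a hit deserves a manual look), keyed by pattern set.
PATTERNS = {
    "c": [
        (re.compile(r"\b(?:strcpy|strcat|sprintf|vsprintf|gets)\s*\("),
         "unbounded copy/format into a caller buffer"),
        (re.compile(r"\b(?:strncpy|strncat|memcpy|memmove)\s*\("),
         "bounded copy: verify the length argument and NUL termination"),
        (re.compile(r"\b(?:s|f)?scanf\s*\([^;]*%s"),
         "%s conversion without a field width"),
        (re.compile(r"\b(?:system|popen)\s*\("),
         "command execution: trace the argument back to its source"),
    ],
    "aspnet": [
        (re.compile(r"Response\.Write\s*\(.*\bRequest\b"),
         "request data written straight into the response (XSS)"),
        (re.compile(r"new\s+SqlCommand\s*\(\s*\"[^\"]*\"\s*\+"),
         "SQL text built by string concatenation (injection)"),
        (re.compile(r"\bRequest\.(?:QueryString|Form|Cookies|Params)\b"),
         "untrusted input entry point"),
    ],
    "web": [
        (re.compile(r"\beval\s*\("), "dynamic code evaluation"),
        (re.compile(r"\.innerHTML\s*="), "HTML sink"),
        (re.compile(r"\bdocument\.write(?:ln)?\s*\("), "HTML sink"),
    ],
}

# File extension -> pattern set, used when walking a real source tree.
EXTENSIONS = {".c": "c", ".h": "c", ".cpp": "c", ".cc": "c",
              ".cs": "aspnet", ".aspx": "aspnet", ".ascx": "aspnet",
              ".js": "web", ".html": "web", ".htm": "web"}


@dataclass(frozen=True)
class Finding:
    filename: str
    lineno: int
    reason: str
    text: str


def scan(source: str, language: str, filename: str = "<inline>") -> list[Finding]:
    """Return one Finding per (line, matching pattern) in `source`."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for pattern, reason in PATTERNS[language]:
            if pattern.search(line):
                findings.append(Finding(filename, lineno, reason, line.strip()))
    return findings


def scan_tree(root: str) -> list[Finding]:
    """Walk `root` and scan every file whose extension maps to a pattern set."""
    findings = []
    for path in Path(root).rglob("*"):
        language = EXTENSIONS.get(path.suffix.lower())
        if language and path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(scan(text, language, str(path)))
    return findings


# Constructed sample sources (not taken from any real project) to show hits
# and, just as important, near-misses that the patterns must not flag.
SAMPLE_C = """\
char buf[64];
strcpy(buf, argv[1]);
strncpy(buf, src, sizeof buf);
snprintf(buf, sizeof buf, "%s", src);
scanf("%s", name);
scanf("%63s", name);
"""

SAMPLE_ASPNET = """\
string name = Request.QueryString["name"];
Response.Write("Hello " + Request.QueryString["name"]);
var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = '" + name + "'", conn);
var safe = new SqlCommand("SELECT * FROM Users WHERE Name = @name", conn);
"""

SAMPLE_WEB = """\
el.innerHTML = location.hash.slice(1);
el.textContent = location.hash.slice(1);
eval(userInput);
"""

if __name__ == "__main__":
    for lang, src in (("c", SAMPLE_C), ("aspnet", SAMPLE_ASPNET), ("web", SAMPLE_WEB)):
        for f in scan(src, lang):
            print(f"{lang}:{f.lineno}: {f.reason}\n    {f.text}")
```

The output is a worklist, not a list of bugs: every hit still needs the data flow traced by hand, and the near-misses in the samples (snprintf, a width-limited %s, a parameterised SqlCommand) show why the patterns are deliberately narrow rather than matching every call that contains "str" or "Sql".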

Posted in ASP.Net, C/C++, Code review experience, Web

String manipulation functions in Glibc, MS Visual Studio and 0x7efefeff, 0x81010100, 0x81010101

Recently I got a chance to read a blog post (the first link in https://hiddencodes.wordpress.com/2011/12/20/bug-hunting-to-exploit-log/) about finding vulnerabilities. He gave a tip on locating the string manipulation functions in a binary. It was quite new to me, so I started to look into …
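The constants in the post title come from the word-at-a-time zero-byte test used by compiled strlen/strcpy-style routines, which is why their immediates are worth searching for in a binary. The following added example (my code, not the blog's and not glibc's or Microsoft's) reimplements that test in Python with the same constants, shows the single case where the fast test fires without a zero byte, and searches a constructed byte blob for the little-endian encodings. The hand-assembled loop bytes are an approximation constructed for the example, not copied from any real CRT.

```python
"""Why 0x7efefeff and 0x81010100 fingerprint string routines in a binary.

Added example, not code from the blog or from glibc/MSVC. It reimplements the
word-at-a-time zero-byte test those constants come from, shows the one case
where the fast test fires without a zero byte, and searches a constructed blob
for the little-endian immediates an auditor would grep a binary for.
"""
from __future__ import annotations

import struct

MAGIC_BITS = 0x7EFEFEFF   # "holes" (zero bits) at bit positions 8, 16, 24 and 31
HOLE_MASK = 0x81010100    # ~MAGIC_BITS & 0xffffffff: the hole bits themselves
MASK32 = 0xFFFFFFFF


def may_contain_zero_byte(word: int) -> bool:
    """Fast filter: adding MAGIC_BITS carries out of every non-zero byte into the
    hole above it, so a hole bit left unchanged (sum bit == word bit) means the
    byte below it was zero. No zero byte is ever missed; see the caveat below."""
    total = (word + MAGIC_BITS) & MASK32
    return ((total ^ (~word & MASK32)) & HOLE_MASK) != 0


def has_zero_byte(word: int) -> bool:
    """Exact check the routines fall back to once the fast test fires."""
    return any(((word >> shift) & 0xFF) == 0 for shift in (0, 8, 16, 24))


def strlen_word_at_a_time(buf: bytes) -> tuple[int, int]:
    """Return (length of the NUL-terminated string, false positives of the fast test).

    The real routines read whole aligned words and rely on page alignment to read
    past the terminator safely; here the buffer is zero-padded to a word multiple.
    """
    if b"\0" not in buf:
        raise ValueError("buffer has no terminator")
    buf = buf + b"\0" * (-len(buf) % 4)
    false_positives = 0
    for offset in range(0, len(buf), 4):
        word = struct.unpack_from("<I", buf, offset)[0]
        if not may_contain_zero_byte(word):
            continue
        if has_zero_byte(word):
            return offset + buf[offset:offset + 4].index(0), false_positives
        # Only reachable when the top byte is exactly 0x80: bits 24-30 are clear,
        # so the add does not carry into bit 31 and that hole looks untouched.
        false_positives += 1
    raise AssertionError("unreachable: terminator guaranteed above")


# The same constants as x86 immediates, little-endian, as they sit in a binary.
FINGERPRINTS = {
    0x7EFEFEFF: "magic add constant (the glibc / MSVC string routines named in the post)",
    0x81010100: "hole mask tested after the add",
    0x81010101: "hole-mask variant listed in the post title",
}


def find_fingerprints(blob: bytes) -> list[tuple[int, int, str]]:
    """Return (offset, constant, description) for every occurrence in blob."""
    hits = []
    for value, description in FINGERPRINTS.items():
        needle = struct.pack("<I", value)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, value, description))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)


# Hand-assembled approximation of such an inner loop, constructed for this
# example only; it is not bytes copied from any real CRT.
CONSTRUCTED_CODE = bytes([
    0x8B, 0x01,                     # mov  eax, [ecx]
    0xBA, 0xFF, 0xFE, 0xFE, 0x7E,   # mov  edx, 7efefeffh
    0x03, 0xD0,                     # add  edx, eax
    0x83, 0xF0, 0xFF,               # xor  eax, -1
    0x33, 0xC2,                     # xor  eax, edx
    0x83, 0xC1, 0x04,               # add  ecx, 4
    0xA9, 0x00, 0x01, 0x01, 0x81,   # test eax, 81010100h
    0x74, 0xE8,                     # je   loop head
])

if __name__ == "__main__":
    print(strlen_word_at_a_time(b"hello, world\0"))      # (12, 0)
    print(strlen_word_at_a_time(b"abc\x80xyz\0"))        # (7, 1): 0x80 top byte
    for offset, value, description in find_fingerprints(CONSTRUCTED_CODE):
        print(f"+0x{offset:x}: 0x{value:08x} {description}")
```

Two things matter to an auditor here. First, the fast test is only a filter: it never misses a NUL, but a top byte of 0x80 (common in UTF-8 or binary data) makes it fire spuriously, so every real implementation follows it with a byte-wise confirmation, and a hand-rolled copy that skips that step is itself a bug worth looking for. Second, compilers inline these loops, so the immediates survive in code that no longer calls a function named strlen or strcpy; searching a binary for the little-endian byte sequences finds those unbounded string operations where symbol-based approaches do not.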

Posted in Binary Auditing, C/C++, Code review experience, Reversing, Windows VC++

Random notes from other researchers…

@krsec If you’re performing a #sourcecodereview for an app that uses #log4j, look for an included config file (*.xml, *.prop, *.properties, etc.)

Posted in Code review experience

Good language materials for source code auditors

Good C/C++ materials:
http://www.slideshare.net/olvemaudal/solid-c-by-example
http://www.slideshare.net/olvemaudal/cpp-idioms-byexamplenov2008
http://www.slideshare.net/olvemaudal/deep-c
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_14.html
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_21.html

Posted in C/C++

What’s wrong with this code – Learn source code auditing…

Read each and every article titled “What’s wrong with this code – Part X”; they are very good. http://blogs.msdn.com/search/searchresults.aspx?q=What%27s+wrong+with+this+code I will update this thread with other links that interest me. Links: http://blog.llvm.org/2010/04/whats-wrong-with-this-code.html

Posted in Code review experience