Tag Archives: Source Code Auditing

Things Everyone Should Do: Code Review

Nice blog post about code review. Most of his comments are very true. When you audit a product, the first thing that you have to face is to criticize. http://scientopia.org/blogs/goodmath/2011/07/06/things-everyone-should-do-code-Oreview/ At Google, no code, for any product, for any project, gets … Continue reading

Posted in Code review experience

List of Secure Programming Courses

List of Secure Programming Courses (in Universities):
http://www.cse.scu.edu/~tschwarz/COEN296A_06/Lectures/
http://kosh.nku.edu/~waldenj/classes/2009/spring/csc666/
http://kosh.nku.edu/~waldenj/classes/2008/fall/csc682/schedule.html
http://kosh.nku.edu/~waldenj/classes/2010/fall/csc482/schedule.html
http://kosh.nku.edu/~waldenj/classes/2007/spring/csc699/schedule.html
http://projects.cerias.purdue.edu/secprog/
http://faculty.cs.nku.edu/~waldenj/classes/2005/fall/csc382/schedule.html
http://www.cs.ucf.edu/~czou/CAP6135/notes.html
http://people.engr.ncsu.edu/txie/softtestingedu.html
http://www.cs.binghamton.edu/~umrigar/cs551f11/slides/index.html
http://siber.cankaya.edu.tr/ozdogan/SystemsProgramming/week10/node14.html
http://www.eg.bucknell.edu/~cs379/CompSec/2006-spring/schedule.html
http://www.cs.purdue.edu/homes/cs390s/refs.html
http://samate.nist.gov/SRD/ (Not a University course)
http://code.google.com/edu/ (Not a University course)
http://www.cs.kent.edu/~rothstei/spring_12/secprognotes/
http://ranger.uta.edu/~mwright/secprog/

Posted in C/C++, Code review experience, Course

Source Code Auditing – Candidate Point analysis – List of Regular Expression patterns

When we are tasked with a manual code audit of a big source code base, we will get quick results if we start with candidate point analysis. We can use regular expression patterns to find those quick issues initially. List … Continue reading

Posted in ASP.Net, C/C++, Code review experience, Web

Bug Hunting to exploit – Log

Today I got a chance to read a blog on bug hunting to exploit. It was quite an interesting read. I am going to list a few such interesting reads in this blog post. http://www.skullsecurity.org/blog/2011/remote-control-manager-fail http://dvlabs.tippingpoint.com/blog/2010/09/01/zdi-10-169-on-exploitability

Posted in Binary Auditing, IDA Pro, Reversing

Source Code Auditing

Here I will list and update the tips I come across while doing code auditing. 1) Where there is one bug, there are more. 2) Programs often share code, or the same programmers work on multiple projects. … Continue reading

Posted in Code review experience

ASP .Net VIEWSTATE

(content taken from different website(s)) The contents of ViewState are serialized using ‘LOSFormatter’, which performs ASCII serialization and encodes the output using Base64 encoding. There are a lot of VIEWSTATE decoders available on the Internet. The VIEWSTATE is not encrypted by … Continue reading

Posted in ASP.Net

Code Auditing Experience – Conversion APIs expect the data in some specific format.

Recently I analysed a native app and I found some interesting cases. I want to remember this myself, so I am blogging it. I was analysing a module that processes syslog kind of messages. It reads packet from the network … Continue reading

Posted in Code review experience