Will Butler
Current: Red Team in FinTech | Former: Red Team @Cruise, @Apple, and @PwC | I tweet about security, software, entrepreneurship, fitness, and eccentric badasses
17 Jun
how to find vulnerabilities in code:
- search for dangerous functionality
- find a path from input you control to that dangerous functionality
- test your exploit by isolating and running critical parts of the code locally
how to find dangerous functionality:
pay special attention to:
- high concentration of security "bad words" (eval, exec, raw, privileged, YAML, merge, reflect, etc.)
- string parsing (dynamic langs, SQL, URLs, file paths, etc.)
- code handling security stuff (authN, authZ, crypto)
how to find dangerous functionality:
- rules enforced by difficult-to-read code (likely some edge cases)
- calls that have "unsafe", "insecure", etc. in the name
- counter-intuitive language features (Perl array expansion, PHP implicit conversions, overwriting JS prototypes, etc.)
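An added example (not from the thread) that ties the three steps together for one of the "bad words" named above: a recursive `merge` routine is the dangerous functionality, a JSON request body is the input you control, and the check isolates just the merge and runs it locally to see whether a payload can overwrite `Object.prototype`. The function names (`unsafeMerge`, `safeMerge`, `runLocalCheck`) and the request payload are constructed for this example.

```javascript
// Added example, not code from the thread: isolating a "merge" routine locally to see
// whether caller-controlled JSON can overwrite Object.prototype (prototype pollution).
// All names here (isPlainObject, unsafeMerge, safeMerge, runLocalCheck) are this example's own.

function isPlainObject(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

// The dangerous functionality: a recursive merge that follows every key it is given,
// including "__proto__". On a plain object target, target["__proto__"] resolves to
// Object.prototype, so the recursion writes straight into the shared prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened form: refuse the keys that reach the prototype chain and only descend into
// properties the target actually owns, never into inherited ones.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const ownsKey = Object.prototype.hasOwnProperty.call(target, key);
      if (!ownsKey || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed input standing in for a request body the caller controls.
const CONSTRUCTED_PAYLOAD = '{"name":"guest","__proto__":{"isAdmin":true}}';

// Run one merge implementation in isolation and report whether a fresh, unrelated
// object inherits isAdmin afterwards. Undoes any pollution so the check is repeatable.
function runLocalCheck(mergeFn) {
  const settings = {};
  mergeFn(settings, JSON.parse(CONSTRUCTED_PAYLOAD));
  const unrelated = {};
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;
  return { polluted, name: settings.name };
}

console.log("unsafeMerge:", runLocalCheck(unsafeMerge)); // { polluted: true, name: 'guest' }
console.log("safeMerge:  ", runLocalCheck(safeMerge));   // { polluted: false, name: 'guest' }
```

The point of `runLocalCheck` is the third step of the thread: rather than reasoning about the whole application, copy the suspicious routine into a scratch file, feed it the input shape the application would pass, and observe the effect directly. The same harness then confirms that the hardened version keeps the legitimate field (`name`) while dropping the prototype-reaching key.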