Code Review
See: https://pentesterlab.com/exercises/codereview/course
String matching/Grep for bugs
This is probably the fastest way to find low-hanging fruit: you search the code base for the textual patterns of known vulnerability classes, typically a dangerous sink being fed attacker-controlled input. For example, you can use grep to find calls to the PHP system function whose argument starts with a request superglobal such as $_GET or $_POST:
$ grep -R 'system\(\$_' *
A pattern this narrow misses calls where the tainted value is concatenated after a string literal, for example system("ping " . $_GET['host']); widening the pattern catches those but every extra hit then needs manual triage, since many matches will be variables that never carry user input.
You can find a list of regular expressions to try on your code base in the GRaudit project (https://github.com/wireghoul/graudit).
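As an added example (written for this page, not code from the page and not graudit's own signature set), the POSIX shell script below runs two grep passes over a PHP tree: a narrow pass that generalises the command above to several shell-execution sinks and request superglobals, and a broad pass that flags any of those sinks called with a variable argument. The sink list and both regular expressions are assumptions chosen for illustration, and the four PHP files are constructed so the script runs offline; the point they make is that the narrow pass misses the concatenated case and the broad pass adds a hit that triage has to discard.

```shell
#!/bin/sh
# Added example: two-pass "grep for sinks" over a PHP tree, run against a
# constructed sample. The sink list and patterns are assumptions modelled on
# the kind of rules graudit ships, not copies of its signatures.

# Pass 1 (narrow, high signal): a shell-execution sink called directly on a
# request superglobal. This is the page's grep widened to several sinks.
NARROW='(system|exec|shell_exec|passthru|popen|proc_open)[[:space:]]*\([[:space:]]*\$_(GET|POST|REQUEST|COOKIE)'

# Pass 2 (broad, needs triage): the same sinks with any variable in the
# argument list, which also catches literals concatenated with tainted input.
BROAD='(system|exec|shell_exec|passthru|popen|proc_open)[[:space:]]*\([^)]*\$'

# Print file:line:text for every pass-1 hit under directory $1 (nothing if none).
grep_narrow() {
    grep -rnE "$NARROW" "$1" || true
}

# Same for pass 2.
grep_broad() {
    grep -rnE "$BROAD" "$1" || true
}

# Number of hits for pass function $1 under directory $2; tr strips the
# leading blanks BSD wc prints.
count_hits() {
    "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample tree (not real application code): three sink calls of
# different quality plus one clean call, written under directory $1.
make_sample() {
    mkdir -p "$1/lib"
    cat > "$1/ping.php" <<'EOF'
<?php
// Tainted superglobal passed straight to the sink: pass 1 and pass 2 hit.
system($_GET['cmd']);
EOF
    cat > "$1/lib/host.php" <<'EOF'
<?php
// Tainted value concatenated after a literal: pass 1 misses it, pass 2 hits.
system("ping -c 1 " . $_GET['host']);
EOF
    cat > "$1/lib/cron.php" <<'EOF'
<?php
// Variable from local config, not from a request: a pass-2 hit to discard in triage.
$cmd = 'logrotate /etc/logrotate.conf';
system(escapeshellcmd($cmd));
EOF
    cat > "$1/lib/list.php" <<'EOF'
<?php
// Constant argument: neither pass hits.
exec('ls /tmp');
EOF
}

# Stand-alone run: build the sample in a temporary directory and show both passes.
sample=$(mktemp -d)
make_sample "$sample"
echo "## pass 1 (narrow): $(count_hits grep_narrow "$sample") hit(s)"
grep_narrow "$sample"
echo "## pass 2 (broad): $(count_hits grep_broad "$sample") hit(s)"
grep_broad "$sample"
rm -r "$sample"
```

On the constructed sample the narrow pass reports only ping.php, the broad pass reports ping.php, lib/host.php and lib/cron.php, and lib/list.php is never flagged. The ratio between the two counts is a useful first number when sizing a review: it tells you how much of the grep output is going to be triage rather than findings.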
Determine size of the application to narrow down methodologies
You can use the tool cloc (https://github.com/AlDanial/cloc) to get a better idea of the size of the application, and therefore of which approach fits: a few hundred lines of server-side code can be read in full, whereas tens of thousands of lines force you to start from sinks and entry points and follow the data flow. Look at the per-language breakdown rather than the SUM line: in the run below most of the 4267 lines are CSS, and the code that actually handles requests is the 289 lines of PHP.
% cloc .
14 text files.
13 unique files.
2 files ignored.
github.com/AlDanial/cloc v 1.72 T=0.11 s (120.6 files/s, 46503.2 lines/s)
-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
CSS                              2            676             11           3973
PHP                             10             48              4            289
SQL                              1              5              0              5
-------------------------------------------------------------------------------
SUM:                            13            729             15           4267
-------------------------------------------------------------------------------