Code Review

See: https://pentesterlab.com/exercises/codereview/course

String matching/Grep for bugs

This is probably the fastest way to find low-hanging fruit: you search the code base for patterns of known vulnerability classes, typically a dangerous sink (command execution, eval, include, a raw SQL query) called with attacker-controlled input. For example, you can use grep to find calls to the PHP system() function whose argument starts with a superglobal such as $_GET or $_POST:

$ grep -R 'system\(\$_' *

A pattern like this only catches a superglobal passed directly as the argument; a call such as system("ping " . $_GET['host']) is just as exploitable but will not be matched, so treat grep hits as a starting point and still trace user input from entry points to sinks. You can find a collection of such regular expressions for several languages in the graudit project (https://github.com/wireghoul/graudit), which runs them against a code base for you.
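To make the trade-off concrete, here is a small sink sweep written for this page (it is not code from the PentesterLab course or from graudit). It contrasts a strict pattern, equivalent to the grep above but extended to a few more shell sinks and superglobals, with a looser one that flags any line where a sink and a superglobal co-occur. The PHP file it scans, its path and the two regular expressions are constructed for the demo.

```shell
#!/bin/sh
# Added example (not code from the PentesterLab course or from graudit):
# a sink sweep over PHP that contrasts a strict pattern, equivalent to the
# grep above, with a looser one that also catches concatenated input.
# Patterns, file names and the sample code below are constructed for the demo.

# Strict: a shell sink called with a superglobal as the *first* argument
# (what 'system\(\$_' finds, extended to a few more sinks and superglobals).
STRICT='(system|exec|shell_exec|passthru|popen)[[:space:]]*\([[:space:]]*\$_(GET|POST|REQUEST|COOKIE)'

# Loose: a shell sink and a superglobal anywhere on the same line.
# Higher recall (catches "cmd " . $_GET[...]), more false positives to triage.
LOOSE='(system|exec|shell_exec|passthru|popen)[[:space:]]*\(.*\$_(GET|POST|REQUEST|COOKIE)'

# make_sample DIR: write a constructed PHP file containing three command
# injection sinks, one sanitised call and one constant-argument call.
make_sample() {
    mkdir -p "$1/app"
    cat > "$1/app/ping.php" <<'EOF'
<?php
// Constructed sample for the sweep; not real application code.
system("ping -c 1 " . $_GET['host']);   // injectable, but the strict pattern misses it
system($_GET['cmd']);                    // injectable, both patterns match
$out = shell_exec($_POST['q']);          // injectable, both patterns match
$host = escapeshellarg($_GET['host']);
system("ping -c 1 " . $host);            // sanitised: neither pattern matches
passthru('uptime');                      // constant argument: neither matches
EOF
}

# sweep PATTERN DIR: print file:line:text for every PHP line matching PATTERN.
sweep() {
    grep -RnE --include='*.php' "$1" "$2"
}

# count_hits PATTERN DIR: number of matching lines (0 when nothing matches).
count_hits() {
    sweep "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone run: build the sample, show both sweeps side by side, clean up.
demo() {
    d=$(mktemp -d)
    make_sample "$d"
    printf 'strict pattern, %s hit(s):\n' "$(count_hits "$STRICT" "$d")"
    sweep "$STRICT" "$d"
    printf 'loose pattern, %s hit(s):\n' "$(count_hits "$LOOSE" "$d")"
    sweep "$LOOSE" "$d"
    rm -rf "$d"
}
demo
```

On the sample the strict sweep reports two hits and the loose one three: the extra hit is the concatenated $_GET['host'], which is the injection a strict "sink($_" grep silently misses. The sanitised call (escapeshellarg) is not flagged by either pattern, but only because the escaped value lives in a differently named variable; grep has no idea whether a variable was sanitised, so every hit still needs a manual look at how its argument was built.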

Determine the size of the application to narrow down the methodology

You can use the tool cloc (https://github.com/AlDanial/cloc) to get a better idea of the size of the application. A few hundred lines of server-side code, as in the example below, can simply be read in full; a code base of hundreds of thousands of lines has to be attacked by grepping for sinks and tracing user input from the entry points. Note that only the lines that run on the server matter for this estimate: in the output below the 289 lines of PHP and the SQL file are the review target, and the CSS can be ignored.

% cloc .
      14 text files.
      13 unique files.                              
       2 files ignored.

github.com/AlDanial/cloc v 1.72  T=0.11 s (120.6 files/s, 46503.2 lines/s)
-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
CSS                              2            676             11           3973
PHP                             10             48              4            289
SQL                              1              5              0              5
-------------------------------------------------------------------------------
SUM:                            13            729             15           4267
-------------------------------------------------------------------------------
