Source code

Finding Vulnerabilities with MRVA CodeQL

Some time ago, CodeQL gained MRVA, which allows running CodeQL queries across multiple repositories. I’ve been procrastinating running some queries for a long time, but the author of this article, Maiky, didn’t procrastinate and described the process of finding...

Source code review – catching low-hanging fruit

Manual source code review is tedious and often takes a long time. Although tools will never replace a human, using them is simply a smart thing to do. Sometimes you will be lucky and get a bug straight away. I’ve been lucky with it recently. Most of the...

Secure Code Game

GitHub Security Lab has created a secure code game that allows developers to learn how to secure intentionally vulnerable code. It's definitely worth trying out, especially for those who have been asking me how to get started with code review!...

How to avoid being overwhelmed when reviewing the code?

The beginning of a new project can be very overwhelming - you don’t know what your target does, what technologies it uses, and you have no idea what bugs you should expect. The source code, although it generally helps, can sometimes be even more confusing. Especially if,...

CodeQL learning path

CodeQL is a code scanner that sits somewhere between static analysis - where a scanner just analyses the code as text - and dynamic analysis - where the scanner actually executes the application and sends payloads. CodeQL understands the code and the flow of the...

Finding RCEs in JVM-based languages

I feel it’s profitable to find bugs by reviewing the code of decompiled jar, war or class files. Technologies like Groovy or Scala are Java-related languages, but you will miss command execution sinks in them if you are only looking for Java’s Runtime.getRuntime()...

Reversing patches and creating exploits

Reversing patches is a very useful skill because companies will often only tell you what the bug class was, not how to reproduce it. Thus, if you want to, let’s say, create your own scanner template for a CVE, you need to reverse a patch. And that’s what you’ll...