This article will be useful for hacking apps in any language! There’s a list on the Sonarsource blog with quirks and unexpected behaviours of Python that can mislead developers and result in security vulnerabilities. The article is soo good! Even if you know nothing...
Source code
Step-by-step process of writing CodeQL queries
CodeQL is one of the things I will learn in 2022. I even started writing some queries on Elastic codebase for the bounty vlog #2 but so far only for educational purposes. If there’s something that worries me about CodeQL, it’s the fact that resulting queries are...
Finding source code bugs with CodeQL the easy way
I talk about CodeQL a lot. Maybe even too much, considering I don’t even write queries (yet!). The reason is that writing them is hard and requires me to invest some time first. Time which I don’t want to invest right now. The good thing is that you don’t have to know...
Debugging a Java application with decompiled source code
I think debugging is a great skill and a huge help when auditing a source. However, it’s not always easy or possible to set up. For example, for a long time, I thought you can’t debug decompiled Java code. But turns out you can! Here’s a guide on how to do this:...
Q&A about source code review and debugging
Last week, I made an AMA here over email about source code review and debugging. As one of you suggested, it would be cool to aggregate responses and show them to other people. So I selected the most commonly asked questions. Here they are. Do I need to know the...