the-web-application-hackers-handbook

CHAPTER
19
Finding Vulnerabilities
in Source Code
So far, the attack techniques we have described have all involved interacting
with a live running application and have largely consisted of submitting crafted
input to the application and monitoring its responses. This chapter examines an
entirely different approach to finding vulnerabilities — reviewing the application’s
source code.
In various situations it may be possible to perform a source code audit to help
attack a target web application:
n Some applications are open source, or use open source components,
enabling you to download their code from the relevant repository and
scour it for vulnerabilities.
n If you are performing a penetration test in a consultancy context, the application
owner may grant you access to his or her source code to maximize
the effectiveness of your audit.
n You may discover a file disclosure vulnerability within an application that
enables you to download its source code (either partially or in its entirety).
n Most applications use some client-side code such as JavaScript, which is
accessible without requiring any privileged access.
It is often believed that to carry out a code review, you must be an experienced
programmer and have detailed knowledge of the language being used.
However, this need not be the case. Many higher-level languages can be read
701