Source code auditing is an essential part of the vulnerability discovery process. It is performed by analyzing software source code to find security bugs and misuse of functions that can lead to security vulnerabilities.
The process is often divided into four steps, the first static and the other three performed against a running instance of the application:
- Search the source code for calls to dangerous functions (unbounded string copies, shell invocations and the like)
- Launch known attacks against the application
- Send unexpected input to the application and inspect the results
- Analyze the application's behaviour to discover vulnerabilities
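As an added example (not part of the original text, and not any project's own tooling), the following Python script performs the first step above on a constructed C file: it greps for a watch list of dangerous calls and, for the printf family, parses the argument list so that only calls whose format argument is not a string literal are reported. The watch list, the Finding type and the sample source are assumptions made for this example and are deliberately small.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed watch list (not exhaustive): function -> why a reviewer should look.
DANGEROUS_CALLS: Dict[str, str] = {
    "gets": "unbounded read into the caller's buffer",
    "strcpy": "no length argument; overflows if source exceeds destination",
    "strcat": "no length argument; overflows if result exceeds destination",
    "sprintf": "no length argument; overflows the destination buffer",
    "system": "shell invocation; command injection if the argument is tainted",
}
# printf family: index of the format argument; flagged when it is not a literal.
FORMAT_FUNCS: Dict[str, int] = {"printf": 0, "fprintf": 1, "sprintf": 1,
                                "snprintf": 2, "syslog": 1}
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

@dataclass
class Finding:
    file: str
    line: int
    func: str
    reason: str

def strip_comments(line: str) -> str:
    """Drop /* */ and // comments on one line (multi-line comments and '//'
    inside string literals are not handled; good enough for a first grep)."""
    return re.sub(r"/\*.*?\*/", "", line).split("//", 1)[0]

def split_args(text: str, start: int) -> Optional[List[str]]:
    """Top-level arguments of the call whose '(' is text[start]; honours nested
    parentheses and string literals. None if the call is not closed on this line."""
    depth, in_str, esc, args, cur = 0, False, False, [], []
    for c in text[start:]:
        if in_str:                  # inside "...": skip escapes, wait for the close quote
            cur.append(c)
            in_str = esc or c != '"'
            esc = c == "\\" and not esc
        elif c == '"':
            in_str = True
            cur.append(c)
        elif c == "(":
            depth += 1
            if depth > 1:
                cur.append(c)
        elif c == ")":
            depth -= 1
            if depth == 0:          # closing paren of the scanned call
                args.append("".join(cur).strip())
                return [a for a in args if a]
            cur.append(c)
        elif c == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(c)
    return None

def scan_source(path: str, text: str) -> List[Finding]:
    """Return leads for manual review; a hit is not a confirmed bug."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comments(raw)
        for m in CALL_RE.finditer(line):
            func = m.group(1)
            if func in DANGEROUS_CALLS:
                findings.append(Finding(path, lineno, func, DANGEROUS_CALLS[func]))
            if func in FORMAT_FUNCS:
                args = split_args(line, m.end() - 1)
                idx = FORMAT_FUNCS[func]
                if args is None:
                    reason = "call continues on the next line; check by hand"
                elif idx >= len(args) or not args[idx].startswith('"'):
                    reason = "format argument is not a string literal"
                else:
                    continue
                findings.append(Finding(path, lineno, func, reason))
    return findings

# Constructed sample input, not real project code.
SAMPLE_C = """\
#include <stdio.h>

void greet(const char *name) {
    char buf[32];
    strcpy(buf, name);            /* no bounds check */
    printf(buf);                  /* caller controls the format */
    printf("Hello, %s\\n", buf);  /* literal format: fine */
}

int main(void) {
    char cmd[128], line[64];
    gets(line);
    snprintf(cmd, sizeof cmd, "cat %s", line);
    system(cmd);                  /* cmd is built from user input */
    greet(line);
}
"""

if __name__ == "__main__":
    for f in scan_source("sample.c", SAMPLE_C):
        print(f"{f.file}:{f.line}: {f.func}() - {f.reason}")
```

Run as a script it reports the strcpy, the non-literal printf, the gets and the system call, and stays quiet on the two calls with literal formats. Every hit is a lead for the manual review that follows, not a confirmed vulnerability; calls hidden behind macros or split across lines are only partly handled, which is why the script reports an unterminated printf-family call instead of silently skipping it.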
Manual source code review is the most comprehensive way to discover vulnerabilities and get them fixed: each finding points the vendor at the exact lines to change, so the review directly helps them secure their application.
It is important that the source code audit is performed by an external entity. Even if the author is a skilled programmer, self-review is insufficient: the person who wrote a book cannot proofread it alone.
A source code audit can reveal vulnerabilities such as:
- Memory corruption (buffer overflow/underflow, unsafe pointer handling, etc.)
- Remote command execution (e.g. unsafe exec() calls)
- Double free
- Format string
- SQL injection
- Local or remote file include
- Cross Site Scripting and Cross Site Request Forgery
- Unsafe data handling
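To make the SQL injection entry in the list concrete, here is an added Python example (not from the original text or any real project) that builds an in-memory SQLite database with constructed sample users, shows the string-built query an auditor would flag beside its parameterized replacement, and exercises both with a crafted input in the spirit of the "unexpected input" step above. The table layout, the users and the function names are assumptions made for the example.

```python
import sqlite3
from typing import Optional, Tuple

def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn

def login_vulnerable(conn: sqlite3.Connection, user: str,
                     pw: str) -> Optional[Tuple[str, str]]:
    """User input is pasted into the SQL text: this is the injection sink
    an auditor looks for (string formatting or concatenation into a query)."""
    query = ("SELECT name, role FROM users "
             f"WHERE name = '{user}' AND password = '{pw}'")
    return conn.execute(query).fetchone()

def login_safe(conn: sqlite3.Connection, user: str,
               pw: str) -> Optional[Tuple[str, str]]:
    """Same query with bound parameters: input can never become SQL syntax."""
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (user, pw)).fetchone()

if __name__ == "__main__":
    db = make_db()
    # Closes the name quote and comments out the password check entirely.
    payload = "alice' --"
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))  # ('alice', 'admin')
    print("safe:      ", login_safe(db, payload, "wrong"))        # None
```

During a review the thing to search for is the shape of login_vulnerable (a query assembled from strings that include untrusted input), regardless of whether the surrounding code validates the input elsewhere; the fix is structural, binding values as parameters rather than escaping them by hand.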