Technology Insights

Static Source Code Audit On Terminal Using Bash Functions

For anyone that has done a long source code audit is not about really finding the easy/low hanging fruit stuff that can be slow and sometimes a bit “frustrating”. I recently had a nice 660,000 lines of code source code audit to be done in less than 2 weeks, the language was Java, so the first thing that was to be done (they had already hit fortify and other tools with it) and were looking for a bit of more interesting stuff apparently. This raised some specific problems while working and finding the vulnerabilities and exploitability of them.