Source Code Auditing is an important part of security. Being proactive in looking for security bugs before the software is shipped is great way to cut down the risks. Though Source Code Auditing can be performed before the code is shipped or after the code is compiled and shipped as binary. In this talk I would share some of tactics and tools that I use to perform code auditing and explain different types of vulnerabilities present in code caused by for e.g Buffer Overflows, Heap Overflows , data type, arithmetic computations and etc. Some parts of this talk would have live demo and also might go into live pentesting according to time frame.
- Introduction - Why we need to perform source code audits - Defining scope of audit
- SoftWare Auditing Tactics [ C/C++ ] - Attack plan with limited time frame - Where to attack - How to attack - Which tools to use - Understanding the impact of vulnerability
This talk is only focused on auditing software written in C/C++. But one can take some parts of this talk and would be able to implement into their own working environment.
