So far, the attack techniques we have described have all involved interacting with a live running application, and have largely consisted of submitting crafted input to the application and monitoring its responses. In this chapter, we will examine an entirely different approach to finding vulnerabilities — that is, by reviewing the application's source code.
There are various situations in which it may be possible to perform a source code audit to assist you in attacking a target web application:
Some applications are open source, or use open source components, enabling you to download their code from the relevant repository and scour it for vulnerabilities.
If you are performing a penetration test in a consultancy context, the application owner may grant you access to their source code in order to maximize the effectiveness of your audit.
You may discover a file disclosure vulnerability within an application that enables you to download its source code.
It is often perceived that to carry out a code review, it is necessary to be an experienced programmer yourself and to have detailed knowledge of the language being used. However, this need not be the case. Many higher-level languages can be read and understood by someone with very limited programming experience, and many types of vulnerabilities manifest themselves ...