Powering up your source code auditing with parsers

Science & Technology

Get the code here: github.com/HackOvert/LazyBloo...
Full Disclosure link: seclists.org/fulldisclosure/2...
This video is a follow-up to a video called Source Code Auditing, which looked at methods for manual source code audits to find bugs. This time we revisit source code auditing, but apply more intelligence to the problem by using a parser to power our analysis: instead of grepping for dangerous function names, we walk the syntax tree, so we can tell a real call from a comment or string and inspect what the call's arguments actually are.
Watch the Source Code Auditing video:
• Source Code Auditing
Thumbnail photo by Luigi Estuye, LUCREATIVE on Unsplash.
Intro/outro music is "In Reverse" (Lone Wolf Album) by Streambeats / Harris Heller.
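As an added example of the parser-powered approach (not the video's code: the linked project is on GitHub and, per the comments, is built on tree-sitter for PHP), the audit below uses Python's standard-library ast module on a constructed Python sample so it runs stand-alone. The sink list, the alias handling and the sample source are all assumptions made for illustration; the point is the contrast with a plain grep, which cannot distinguish a call from a comment or a constant argument from attacker-controlled input.

```python
"""Parser-powered sink audit using Python's ast module.

Added example, not the video's tool. SINKS and SAMPLE are constructed for
illustration; a real audit would carry a much larger sink list.
"""
import ast
from dataclasses import dataclass

# Qualified call name -> index of the positional argument that carries the
# dangerous payload. (Assumption: illustrative subset only.)
SINKS = {
    "eval": 0,
    "exec": 0,
    "os.system": 0,
    "subprocess.call": 0,
    "subprocess.Popen": 0,
    "pickle.loads": 0,
}


@dataclass
class Finding:
    line: int
    sink: str
    reason: str


def qualified_name(node):
    """Turn a Name/Attribute chain such as sp.call into 'sp.call', else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def is_constant_expr(node):
    """True when the expression is built only from literals (no external input)."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, ast.JoinedStr):  # f-string: constant only without placeholders
        return all(isinstance(v, ast.Constant) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return is_constant_expr(node.left) and is_constant_expr(node.right)
    if isinstance(node, (ast.List, ast.Tuple)):
        return all(is_constant_expr(e) for e in node.elts)
    return False


def shell_true(call):
    """subprocess.* is only a shell-injection sink when shell=True is passed."""
    return any(k.arg == "shell" and isinstance(k.value, ast.Constant) and k.value.value is True
               for k in call.keywords)


class SinkVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []
        self.aliases = {}  # local name -> fully qualified name, from imports

    def visit_Import(self, node):
        for a in node.names:  # 'import subprocess as sp' binds sp -> subprocess
            if a.asname:
                self.aliases[a.asname] = a.name
            else:
                top = a.name.split(".")[0]
                self.aliases[top] = top
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        for a in node.names:  # 'from pickle import loads as unpickle' -> pickle.loads
            self.aliases[a.asname or a.name] = f"{node.module or ''}.{a.name}"
        self.generic_visit(node)

    def resolve(self, func):
        name = qualified_name(func)
        if name is None:
            return None
        root, _, rest = name.partition(".")
        root = self.aliases.get(root, root)
        return root + ("." + rest if rest else "")

    def visit_Call(self, node):
        name = self.resolve(node.func)
        if name in SINKS:
            idx = SINKS[name]
            arg = node.args[idx] if len(node.args) > idx else None
            if name.startswith("subprocess.") and not shell_true(node):
                pass  # argv-list invocation without a shell: not a command-injection sink
            elif arg is None or not is_constant_expr(arg):
                self.findings.append(Finding(node.lineno, name, "non-constant argument"))
        self.generic_visit(node)


def audit(source):
    """Parse the source and return sink calls whose payload is not a literal."""
    visitor = SinkVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


def naive_grep(source, needle):
    """What a plain grep sees: every line containing the text, comments included."""
    return [i for i, line in enumerate(source.splitlines(), 1) if needle in line]


# Constructed sample under audit (not from any real project).
SAMPLE = '''\
import os
import subprocess as sp
from pickle import loads as unpickle

def run(cmd, blob):
    # os.system("rm -rf /")        <- grep hit, but only a comment
    os.system("ls -l /tmp")        # constant argument: not flagged
    os.system("ls " + cmd)         # flagged
    sp.call(["ls", cmd])           # argv list, no shell: not flagged
    sp.call("ls " + cmd, shell=True)  # flagged
    unpickle(blob)                 # flagged through the import alias
    eval("1 + 1")                  # constant: not flagged
'''

if __name__ == "__main__":
    print("grep 'os.system' hits lines:", naive_grep(SAMPLE, "os.system"))
    for f in audit(SAMPLE):
        print(f"line {f.line}: {f.sink} ({f.reason})")
```

The grep reports three lines for os.system (the comment, the constant call and the real finding); the parser reports one, and additionally catches the pickle sink hidden behind an import alias that a name-based grep would miss entirely.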

Comments: 2

  • @yakumooomori5708, 3 years ago

    Did you get a chance to look into CodeQL? That should save you so much time instead of using tree-sitter. PHP is unfortunately not supported...

  • @HackOvert, 3 years ago

    CodeQL looks so cool. I'm really hoping the future will bring additional language support to the platform. I just noticed their bug bounty program, which rewards CodeQL queries that model vulnerabilities in open source software (details here: securitylab.github.com/bounties/). Thanks for bringing this up, I think this would be a fun project to work on.
