I. Preface
PHP code audit, as the name suggests, means reviewing PHP source code, understanding its logic, and finding the security vulnerabilities in it. For example, when auditing for SQL injection, you check how the code builds SQL statements and passes them to the database.
There is no real threshold for getting started with PHP code audits: once you understand basic PHP syntax and the causes of the various vulnerability classes, you can start trying to audit PHP source code. In the usual vulnerability demo, an SQL statement is passed directly to one of PHP's built-in functions and executed by the database. Real software projects, however, are usually written in an object-oriented style with various layers of encapsulation and invocation, and with frameworks of different styles. In that situation, all you need is the patience to keep tracing the call chain.
There are two approaches to code auditing: one is to read through the code and work out its logic; the other is to quickly locate potentially problematic functions with regular expressions and then trace the call chain backwards. These two approaches also correspond to the two mainstream designs of code audit tools: one discovers flaws by parsing the code, the other by locating problem functions.
Whichever approach you take, the key is to actually read code and accumulate experience.
The above is a personal point of view; weigh it carefully before adopting it.
II. Basic Knowledge Requirements
PHP syntax
Principles of mainstream vulnerabilities
III. Introductory Reading & Reference
Code Audit Primer Summary: http://bbs.ichunqiu.com/thread-8954-1-1.html
PHP Manual: http://php.net/manual/zh/
Code Audit: Enterprise-Class Web Code Security Architecture: https://read.douban.com/ebook/16642056/
IV. Hands-On Audit Articles
Basic Series
The 4 articles in the basic series use small, intuitive cases to show how a vulnerability exists along the path from user interaction to code execution, and how it can be exploited. Reading them helps beginners understand the code audit process and the basic audit approach more quickly.
Principles and exploitation of common web vulnerabilities: SQL injection:
http://bbs.ichunqiu.com/thread-12694-1-1.html
Code-level principles and exploitation of common web vulnerabilities: file operation vulnerabilities:
http://bbs.ichunqiu.com/thread-13008-1-1.html
Code-level principles and exploitation of common web vulnerabilities: PHP code execution:
http://bbs.ichunqiu.com/thread-13465-1-1.html
Code-level principles and exploitation of common web vulnerabilities: file operations:
http://bbs.ichunqiu.com/thread-13408-1-1.html
Advanced Series
The articles in the advanced series are not actually advanced when measured against the whole field of code auditing, but each has its own characteristics, and most of them start from real software projects. They let beginners see some of the problems they may run into in practice, as well as the thinking process involved.
Code audit: bypassing back-end permission restrictions, followed by SQL injection:
http://bbs.ichunqiu.com/thread-10102-1-1.html
Code audit: breaking through path restrictions to delete files:
http://bbs.ichunqiu.com/thread-8979-1-1.html
Code audit: arbitrary user password recovery vulnerability:
http://bbs.ichunqiu.com/thread-10497-1-1.html
Code audit: fatal consequences of improper use of the pseudo-global mechanism:
http://bbs.ichunqiu.com/thread-11390-1-1.html
Code audit: summary of addslashes bypasses:
http://bbs.ichunqiu.com/thread-10899-1-1.html
Both the MLECMS and BEESCMS series audit an actual software project, and beginners can follow the author's steps as the vulnerabilities are dug out. The articles under "Other" are a more miscellaneous collection.
MLECMS Analysis Collection
This is how code audits should be done: MLECMS getshell:
http://bbs.ichunqiu.com/thread-13703-1-1.html
This is how code audits should be done, part 2: MLECMS injection:
http://bbs.ichunqiu.com/thread-13714-1-1.html
{Code Audit Ideas} (read-through + audit) MLECMS (medium/critical vulnerabilities, not simple):
http://bbs.ichunqiu.com/thread-11510-1-1.html
BEESCMS Analysis Collection
"A preliminary exploration of code auditing": BEESCMS V4.0_r SQL:
http://bbs.ichunqiu.com/thread-12635-1-1.html
Further thoughts on the BEESCMS SQL injection vulnerability:
http://bbs.ichunqiu.com/thread-13606-1-1.html
This is how code audits should be done, part 3: BEESCMS getshell:
http://bbs.ichunqiu.com/thread-13977-1-1.html
BEESCMS arbitrary file deletion:
http://bbs.ichunqiu.com/thread-14540-1-1.html
Other
PHP code audit: the null character issue:
http://bbs.ichunqiu.com/thread-4349-1-1.html
An introduction to PHP code auditing, explained through a CMS case:
http://bbs.ichunqiu.com/thread-16775-1-1.html
PHP code audit: stored XSS, covering how it forms, how to defend against it, and how it is exploited:
http://bbs.ichunqiu.com/thread-10532-1-1.html
ZZCMS code audit:
http://bbs.ichunqiu.com/thread-14684-1-1.html
It is also worth mentioning that web applications written in different languages have a lot in common: once you are familiar with the code audit process in one language, you can extend it to others. You will find that the basic principles are similar. Differences do exist, of course; for example, the addslashes and null-character issues covered in the articles above are problems specific to PHP. The other differences are not detailed here.
V. Recommended ichunqiu Course
PHP Code Audit Combat:
http://www.ichunqiu.com/course/54473
VI. Recommended Code Audit Tool: RIPS
RIPS can detect common vulnerabilities such as XSS, SQL injection, sensitive information disclosure, and file inclusion. It can scan code with regular expressions to discover vulnerabilities, or you can use custom syntax to scan code for problems.
Download Link: http://rips-scanner.sourceforge.net/
Reference articles
Recommended tools: three automated code audit tools: http://bbs.ichunqiu.com/thread-16776-1-1.html
VII. Related Reading
SQL injection vulnerabilities in the MyBatis framework:
http://bbs.ichunqiu.com/thread-12574-1-1.html
How to use grep to perform code audits on PHP:
http://bbs.ichunqiu.com/thread-16779-1-1.html
Python secure coding & code audits:
http://bbs.ichunqiu.com/thread-16770-1-1.html
Conclusion
This post is intended to help you study code auditing better and more systematically. If you have any suggestions, please let us know.
Next technical topic:
We will decide next week's technical topic within the next two days. If there is a particular technology you want to learn, leave a message to request it, and we will adjust according to the needs of the project. Thank you for your support!