Code vulnerabilities on applications

Hi everyone,
I wanted to know: what should be the first thing to test in code? Which keywords should I look for? Or what are the most common vulnerabilities in source code?


Seems duplicate. Since replies are already in the other thread, this one can be deleted.

I don’t think so, roaring
this one is for code and the other one is more focused on app, isn’t it?

The most common vulnerabilities found in code are the following:

  • FIN.0001. SQL Injection

Search for select or insert concatenated in strings

  • FIN S.0011. Use of components with known vulnerabilities

Use asserts to check the code for vulnerable dependencies or something like SourceClear

  • FIN.S.0020. Absence of encryption of confidential information

Look for strings like key, user, pass, aws, secret in the code; you can also check the git history using truffleHog for credentials

  • FIN S.0026. User enumeration

Find the login and register functions in the code and check if the error messages say that the users are invalid somehow

  • FIN.S.0024. Unrestricted access between network segments

If you find for example database credentials, check whether you can connect to it from the internet without special permissions. Also, if it is IaC, you can check if someone can connect to administrative ports like 22 from

  • FIN S.0034. Insecure random number generation

Search for insecure random functions like math.random

  • FIN S.0035. Weak Credential Policy

Find the register or the change password function to check the password policy, you can use this rule

  • FIN S.0039. Use of web services without authorization

Try to use web services listed in the code without authentication, especially the ones that get data from a database

  • FIN S.0048. Lack of detection of rooted systems

If it is an application, look for root or jailbreak in the code and if they validate those states

  • FIN S.0052. Unsafe Encryption Algorithm

Search the code for the usage of insecure algorithms like 3DES or Blowfish

  • FIN S.0053. Absence of protection against brute force attacks

Look for the login page and check if there is a captcha

  • FIN.H.0060. Insecure exceptions

Check the code for generic exceptions, but you need to be sure that they are not managing exceptions upwards in the code

  • FIN.H.0061. Errors without traceability

Check the code for catch functions without a call to a log, but you need to be sure that they are not saving the event upwards in the code

  • FIN S.0063. Improper input validation

Search the code for words like valid and check those functions

  • FIN.H.0073. Conditional without default option

Search in the code for switch without a default case

  • FIN.0074. Functional code commented

Simply check for commented portions of code

  • FIN.S.0078. Insecure token generation

Search for keywords like token or jwt and check how it’s generated

  • FIN.H.0079. Non-upgradeable dependencies

Check if there are libraries installed directly in the source code

There are more vulnerabilities that can be found on code, but these are the easiest to find and the first that need to be checked in every project
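A grep-style triage script that automates several of the keyword checks from the list above (SQL string concatenation, hard-coded secrets, Math.random, 3DES/Blowfish, empty catch blocks, commented-out code, switch without default), added here as an example and not taken from the original post or any tool it names. The regexes and the sample source are constructed assumptions; they produce false positives and miss variants, so treat hits as leads for manual review.

```python
import re

# Regexes for the review checks in the post; labels follow its finding names.
# These patterns are assumptions for this example, not an official rule set.
CHECKS = {
    "SQL injection (query concatenated in string)":
        re.compile(r'"\s*(select|insert|update|delete)\b[^"]*"\s*\+', re.I),
    "Absence of encryption of confidential information (hard-coded secret)":
        re.compile(r'\b(password|passwd|secret|api_key|aws_secret)\s*=\s*["\'][^"\']+["\']', re.I),
    "Insecure random number generation":
        re.compile(r'\bMath\.random\s*\(|\bjava\.util\.Random\b'),
    "Unsafe encryption algorithm":
        re.compile(r'\b(3des|desede|blowfish|rc4|md5)\b', re.I),
    "Insecure exceptions (empty catch)":
        re.compile(r'catch\s*\([^)]*\)\s*\{\s*\}'),
    "Functional code commented":
        re.compile(r'^\s*//.*[;{}]\s*$'),
}

def scan(source: str) -> list:
    """Line-by-line keyword scan; returns one finding per (line, check) hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in CHECKS.items():
            if pattern.search(line):
                findings.append({"line": lineno, "check": name, "code": line.strip()})
    return findings

def switches_without_default(source: str) -> list:
    """Line numbers of switch statements whose body has no default case.
    Simple brace counting, good enough for the sample, not a real parser."""
    hits = []
    for m in re.finditer(r'\bswitch\s*\(', source):
        start = source.find('{', m.end())
        depth, i = 0, start
        while start != -1 and i < len(source):
            depth += (source[i] == '{') - (source[i] == '}')
            if depth == 0:
                break
            i += 1
        if start != -1 and not re.search(r'\bdefault\s*:', source[start:i]):
            hits.append(source.count('\n', 0, m.start()) + 1)
    return hits

# Constructed Java-like sample containing one instance of each weakness.
SAMPLE = """\
String q = "SELECT * FROM users WHERE name = '" + name + "'";
String password = "hunter2";  // constructed sample secret
double r = Math.random();
Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
try { login(user); } catch (Exception e) { }
// int old = computeLegacy(x);
switch (role) {
    case "admin": grant(); break;
    case "user": deny(); break;
}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']}: {f['check']}: {f['code']}")
    print("switch without default at lines:", switches_without_default(SAMPLE))
```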