Introduction


In Secure Coding, we start by reviewing the codebase to understand the main functionality of the code. After that, we look for potentially vulnerable functions over which a user has direct or indirect control and analyze them to determine whether they are actually vulnerable. Before we start, here is the general structure we will follow in the module.

We will discuss two main topics, Code Review and Secure Coding, as follows:

Code Review

  1. Code Analysis
  2. Reverse Engineering

Secure Coding

  1. Vulnerability Identification
  2. Proof of Concept
  3. Code Evaluation
  4. Code Patching

Such processes, in which we analyze the source code and check it for vulnerabilities, often occur in Whitebox penetration tests. In these tests, our customer discloses everything necessary for the penetration test (or at least most of it). If we find such vulnerabilities during our penetration test, we have to teach our customers how to close them.