OSWE Exam review “2020” + Notes & Gifts inside!

@roguesecurity said:
@21y4d Thanks for the excellent review.

Could you provide some resources (books, CTFs?) for practicing code review of a large code base? How should one approach the code review, and what should the methodology be?

Honestly, this was one of the difficult parts of OSWE, and eventually I had to go through real web apps in each language, and find my way around each language, and how to quickly identify each type of vulnerability, both in Linux and Windows.

There’s one reference that might be good, chapter 19 in the Web Application Hacker’s Handbook. But I think you must practice this for each language, and find your way around it.

I’m sure more experienced developers in each language would have much more efficient ways of going through the code, but I didn’t find anything useful, so I had to come up with my own way.