Open singhalkarun opened 2 months ago
- [ ] Come up with the 5 most important tests to have in system by Tue EOD
- [ ] Reasoning why you are picking these 5 by Tue EOD
The 5 most common security analyses, with the errors they cause:
Static Application Security Testing (SAST): This test analyzes source code to identify security flaws without executing the code. It's essential for detecting vulnerabilities like SQL injection and other code-related issues early in the development cycle.
Dynamic Application Security Testing (DAST): DAST tools test the application as it's running. It's crucial for identifying runtime issues such as authentication and session management problems, which are not detectable by SAST.
Dependency Scanning: Since modern applications often use open-source libraries, dependency scanning is vital to detect known vulnerabilities in these components.
Configuration Scanning: This test checks for improperly configured permissions, open ports, and other security misconfigurations that could be exploited.
Penetration Testing: This is a simulated cyber attack against your system to check for exploitable vulnerabilities, including those that may arise from business logic errors.
CodeQL treats code as data. It analyzes the codebase by creating a CodeQL database that represents your codebase. Then, it runs queries against this database to identify potential vulnerabilities and errors. The process involves three main steps:
Snyk is a developer security platform that helps to find and fix vulnerabilities in various aspects of software development. Here's how Snyk works:
- [ ] Implementation of these 5 actions by Wed EOD
Here is a sample code repo I have created: https://github.com/Himasnhu-AT/security
What does it do?
Vulnerable Code:
```typescript
let bufferOverflow: string[] = [];
function addToBuffer(input: string) {
  // Simulating buffer overflow by not checking the length of input
  bufferOverflow.push(input);
}
```
Detection by Script:
Our script will look for array manipulations and check if there are any safeguards for buffer limits.
Script Code:
```typescript
import {
  Node,
  isCallExpression,
  createSourceFile,
  ScriptTarget,
  SyntaxKind,
  forEachChild,
} from "typescript";

// The vulnerable sample, embedded as a string so the script is self-contained.
const sourceCode = `
let bufferOverflow: string[] = [];
function addToBuffer(input: string) {
  bufferOverflow.push(input);
}
`;

// setParentNodes = true so node.getText() can resolve its source range.
const sourceFile = createSourceFile(
  "tempFile.ts",
  sourceCode,
  ScriptTarget.Latest,
  true
);

const securityIssues: string[] = [];

// Walk the AST recursively and flag every call whose callee text contains ".push".
const analyzeNode = (node: Node) => {
  if (isCallExpression(node)) {
    const functionName = node.expression.getText();
    if (functionName.includes(".push")) {
      securityIssues.push(
        `Potential buffer overflow detected in function using array. Ensure proper length checks.`
      );
    }
  }
  forEachChild(node, analyzeNode);
};

forEachChild(sourceFile, analyzeNode);

if (securityIssues.length > 0) {
  console.log("Security issues found:");
  securityIssues.forEach((issue) => console.log(`- ${issue}`));
} else {
  console.log("No significant security issues found.");
}
```
Script Output:
```text
Security issues found:
- Potential buffer overflow detected in function using array. Ensure proper length checks.
```
This approach involves sending the code to an AI for analysis. The AI reviews the code and identifies security flaws, providing detailed reports with severity levels and proposed solutions.
```json
{
  "report": [
    {
      "codeWithBug": "//! @Himasnhu-AT Improve token generation logic",
      "severity": "medium",
      "proposedSolution": "Tokens should be generated using a secure random number generator and should be cryptographically strong."
    },
    {
      "codeWithBug": "//! @Himasnhu-AT Improve verification Code generation logic",
      "severity": "medium",
      "proposedSolution": "Verification codes should be generated using a secure random number generator and should be cryptographically strong."
    },
    {
      "codeWithBug": "if (body.token != verificationCode)",
      "severity": "medium",
      "proposedSolution": "Verification codes should be compared using a constant-time comparison function to prevent timing attacks."
    },
    {
      "codeWithBug": "//! @Himasnhu-AT Hash this password",
      "severity": "high",
      "proposedSolution": "Passwords should be hashed using a strong hashing algorithm such as bcrypt or scrypt."
    }
  ]
}
```
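As an added example (not code from the Himasnhu-AT/security repo or from the AI report), the following shows what the four proposed solutions above look like when implemented with only Node's built-in `node:crypto` module: CSPRNG-backed token and verification-code generation, a constant-time comparison in place of `!=`, and salted scrypt password hashing. The function names (`generateToken`, `generateVerificationCode`, `safeEqual`, `hashPassword`, `verifyPassword`) and the weak patterns quoted in the comments are assumptions for illustration, not taken from the repo.

```typescript
// Added example: hardened forms of the four findings in the AI report above.
// Not part of the Himasnhu-AT/security repo; function names are assumed.
import { randomBytes, randomInt, timingSafeEqual, scryptSync } from "node:crypto";

// Finding 1: "Improve token generation logic".
// Weak pattern (assumed): Math.random().toString(36).slice(2) is predictable.
// Hardened: 32 bytes from the OS CSPRNG, hex-encoded (64 characters).
function generateToken(bytes: number = 32): string {
  return randomBytes(bytes).toString("hex");
}

// Finding 2: "Improve verification Code generation logic".
// randomInt draws from the CSPRNG without modulo bias; zero-padding keeps every
// code at a fixed width so leading zeros do not shorten it.
function generateVerificationCode(digits: number = 6): string {
  const max = 10 ** digits; // exclusive upper bound
  return String(randomInt(0, max)).padStart(digits, "0");
}

// Finding 3: `if (body.token != verificationCode)` stops at the first differing
// character, so response time leaks how many leading characters matched.
// timingSafeEqual compares every byte of equal-length buffers.
function safeEqual(a: string, b: string): boolean {
  const bufA = Buffer.from(a, "utf8");
  const bufB = Buffer.from(b, "utf8");
  if (bufA.length !== bufB.length) {
    // Length mismatch is a definite reject; still do a full-length compare so
    // the early return costs roughly the same as a content mismatch.
    timingSafeEqual(bufA, bufA);
    return false;
  }
  return timingSafeEqual(bufA, bufB);
}

// Finding 4: "Hash this password". scrypt with a per-user random salt, stored as
// "saltHex:hashHex" so the salt travels with the record.
const SCRYPT_KEYLEN = 64;

function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, SCRYPT_KEYLEN);
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}

function verifyPassword(password: string, stored: string): boolean {
  const [saltHex, hashHex] = stored.split(":");
  if (!saltHex || !hashHex) return false; // malformed record, never a match
  const expected = Buffer.from(hashHex, "hex");
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length);
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// Stand-alone demonstration with constructed values.
const token = generateToken();
const code = generateVerificationCode();
const record = hashPassword("constructed-sample-password");
console.log("token:", token);
console.log("verification code:", code);
console.log("code matches itself:", safeEqual(code, code));
console.log("password verifies:", verifyPassword("constructed-sample-password", record));
console.log("wrong password rejected:", !verifyPassword("wrong", record));
```

`safeEqual` is what the report's third finding asks for: with it, `body.token` and `verificationCode` are compared in time that depends only on the length, not on how many leading characters matched. The scrypt parameters are Node's defaults; bcrypt, also named in the report, would need a third-party package, which is why scrypt is used here.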