Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-source-auditing
A curated list of source auditing resources.
https://github.com/initsecret/awesome-source-auditing
Last synced: 2 days ago
Manual Reference
Cheatsheets
- iSECPartners LibTech-Auditing-Cheatsheet - awesome checklist, albeit slightly outdated (I forked it with the intention of modernizing it, feel free to chime in with your thoughts [here](https://github.com/sgmenda/LibTech-Auditing-Cheatsheet/issues).)
- Kudelski Security's Auditing code for crypto flaws: the first 30 minutes
- Kudelski Security's Auditing Rust Crypto: The First Hours
- Security assessment techniques for Go projects - awesome blog post, so good that this is the only Go resource on this page!
Best Practices
- veorq's Cryptocoding - the definitive source for cryptocoding recommendations.
- Pornin's Constant-Time Crypto - the definitive source for constant-time crypto.
Vulnerability Lists
- OWASP Top Ten
- 2020 CWE Top 25
- CWE VIEW: Weaknesses Introduced During Design
- CWE VIEW: Weaknesses Introduced During Implementation
- CWE VIEW: Weaknesses in Software Written in C
- CWE VIEW: Weaknesses in Software Written in C++
- CWE VIEW: Weaknesses in Software Written in Java
- Bugs You'll Probably Only Have in Rust
Automation
Automated Searching
- Sourcetrail - source explorer that makes it easy to understand and navigate large code bases.
- Joern - looks like an open-source alternative to CodeQL (I haven't had a chance to play with it yet).
- Semgrep - static analysis tool that makes it really easy to search code.
- CodeQL - static analysis tool that is much more powerful than semgrep, but also harder to use.
Static Analysis Tools
- cppcheck - simple static analysis tool for C/C++.
- RATS - seems outdated, but you might still be able to get something out of it (I haven't even compiled it, so no warranties here).
- slither - the go-to static analysis tool for Solidity.
- AddressSanitizer
- MemorySanitizer
- UndefinedBehaviorSanitizer
- ThreadSanitizer
- clang static analyzer - easy to use, and might be a good second step after the sanitizers.
- Creating an LLVM Sanitizer from Hopes and Dreams - tutorial on how to write a new LLVM sanitizer.
Simple Fuzzers
- AFL - a standard no-frills fuzzing engine
- libfuzzer - a standard no-frills fuzzing engine
- Rust Fuzz Book - instructions on how to fuzz Rust projects.
Thanks
Introduction
Guides
- CTF Field Guide - Auditing Source Code - this was my first introduction to source auditing, I highly recommend watching the lectures.
- OWASP Code Review Guide - this guide is quite large but it might be helpful to mentally index it and keep the link handy.
Practice
War Games / CTFs
Other Awesome Lists