New Code-Based Format for Vulnerability Write-Ups

Security write-ups describing how hacks work are popular, because ethical hackers want to (and have to) keep learning. However, current write-ups consist mainly of text, with some code snippets. While the point is the vulnerable path through the code.

Therefore, Codean launched a new format, which is based on the codebase with the story next to it. Because we believe that explaining a hack from the codebase leads to a deep and holistic insight of the vulnerability.

For this format we use the Community Edition of Codean. There you have the whole codebase in front of you, and click step by step through the vulnerable path. That makes you see how the vulnerability works: from input field to misuse, from source to sink.

The first write-up is now published, about a vulnerability in a combination of several Node packages (Feathers, Sequelize and SocketIO). Last year we found vulnerabilities in these packages that led to 6 CVEs, so we knew the code already. We think it’s wonderful how knowledge is shared in the security world, therefore we gladly like to contribute.

You can find this first write-up here. 

Ps: all code-based write-ups are free to share for non-commercial use. If you want to write your own write-ups in this format, you can also use the Community Edition of Codean or contact us to develop new write-ups together.