Security write-ups describing how hacks work are popular, because ethical hackers want to (and have to) keep learning. However, current write-ups consist mainly of text, with some code snippets. While the point is the vulnerable path through the code.
Therefore Codean launched a new initiative, Vulnerability Showcase, which offers a new write-up format presenting the codebase with the story next to it. Because we believe that explaining a hack from the codebase leads to a deep and holistic insight of the vulnerability.
We think it’s wonderful how knowledge is shared in the security world, therefore we gladly like to contribute.
How does it work?
For this format we use the Community Edition of Codean. There you have the whole codebase in front of you, and click step by step through the vulnerable path. That makes you see how the vulnerability works: from input field to mis-use, from source to sink.