Useful tools to use alongside dedicated solutions when performing application source code vulnerability assessments

Most application source code vulnerability assessments involve reviewing a large volume of source files.
In general, this work is performed through a combination of static analysis using dedicated tools such as Fortify and manual code review conducted by experienced security consultants.
Given the substantial amount of source code that must be manually reviewed during this process, it is often impractical to rely solely on visual inspection. As a result, several auxiliary tools are commonly used to support and enhance the manual assessment workflow.

1. String Search Tool for Windows

A useful Windows-based utility that allows you to search for specific strings across large sets of files. It provides functionality similar to the grep command commonly available on Unix and Linux systems, but tailored for the Windows environment.
Based on my own experience, this tool has proven to be highly effective, though it would be great to share additional alternatives if anyone knows of better options.

– AstroGrep 4.4.4

This tool is released under the GNU GPL, so anyone may use it freely under the terms of that license. Since its source code is publicly available, users may modify or extend it as needed.
The latest public release at the time of writing (4.4.4, dated April 1, 2016) shows that the project was still being updated. Because it is built on the .NET Framework, the framework must be installed beforehand.

One of the tool's key advantages is its simple and intuitive GUI, which makes it easy for anyone to use. It handles Korean text without problems and provides useful options such as searching within the current results and specifying exclusion strings.
Notably, the tool displays the list of matched files in the upper window and shows the surrounding context of the matched string in the lower window. When needed, users can double-click a file to open it in an external editor for more detailed review.
* Download: http://astrogrep.sourceforge.net/download/

– PowerGREP 4.7.0

This one is a commercial product from Just Great Software, the makers of RegexBuddy. It is a Windows grep tool in the same vein as AstroGrep: regular-expression search (and search-and-replace) across whole folder trees, with each match shown together with its surrounding context.
A trial version is available from the download page.
* Download: http://www.powergrep.com/download.html

2. Flowchart Generation Tool

During source code vulnerability assessments, analysts often need to visually review large volumes of source files. The larger and more complex the codebase, the more time it takes to understand the logic behind it.
Flowchart tools can significantly reduce this time. Although they were built for other purposes (documentation and general code comprehension), these tools can be surprisingly helpful during source code security analysis.

However, a few considerations are important when selecting such tools. The most critical factor is whether the tool supports the programming languages used in the target application, as supported languages vary from tool to tool.
Another common pitfall is accidentally downloading a tool designed to create flowcharts manually, rather than one that actually generates flowcharts from source code—something that can be quite disappointing. ^^;;
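
To show what "generating a flowchart from source code" actually involves, here is a small added example (not part of the original post and not taken from any of the tools listed below): it walks a Python function with the standard `ast` module, turns statements into boxes, `if`/`while`/`for` headers into diamonds and `return`s into terminal ellipses, and emits Graphviz DOT that `dot -Tpng` will render. The sample function and the handling of only these constructs (try/with are drawn as plain boxes) are assumptions for the illustration; it needs Python 3.9+ for `ast.unparse`.

```python
import ast


class FlowchartBuilder:
    """Turn one Python function body into flowchart nodes and edges.

    Statements become boxes, if/while/for headers become diamonds, returns
    become ellipses. Only these constructs are modelled; try/with and other
    compound statements are drawn as plain boxes (simplification for the example).
    """

    def __init__(self):
        self.nodes = []  # (id, label, shape)
        self.edges = []  # (src_id, dst_id, edge_label)

    def new_node(self, label, shape="box"):
        nid = f"n{len(self.nodes) + 1}"
        self.nodes.append((nid, label, shape))
        return nid

    def connect(self, incoming, dst):
        for src, label in incoming:
            self.edges.append((src, dst, label))

    def build_body(self, stmts, incoming):
        """Chain statements; return the dangling exits (src, label) of the body."""
        for stmt in stmts:
            incoming = self.build_stmt(stmt, incoming)
        return incoming

    def build_stmt(self, stmt, incoming):
        if isinstance(stmt, ast.If):
            nid = self.new_node(f"if {ast.unparse(stmt.test)}", "diamond")
            self.connect(incoming, nid)
            yes_exits = self.build_body(stmt.body, [(nid, "yes")])
            no_exits = self.build_body(stmt.orelse, [(nid, "no")])  # empty else -> falls through
            return yes_exits + no_exits
        if isinstance(stmt, (ast.While, ast.For)):
            if isinstance(stmt, ast.While):
                head = f"while {ast.unparse(stmt.test)}"
            else:
                head = f"for {ast.unparse(stmt.target)} in {ast.unparse(stmt.iter)}"
            nid = self.new_node(head, "diamond")
            self.connect(incoming, nid)
            body_exits = self.build_body(stmt.body, [(nid, "loop")])
            self.connect(body_exits, nid)  # back edge to the loop header
            return [(nid, "done")]
        if isinstance(stmt, ast.Return):
            nid = self.new_node(ast.unparse(stmt), "ellipse")
            self.connect(incoming, nid)
            return []  # nothing flows past a return
        nid = self.new_node(ast.unparse(stmt).splitlines()[0])
        self.connect(incoming, nid)
        return [(nid, "")]


def build_flowchart(source, func_name):
    """Parse `source`, locate `func_name`, and return the populated builder."""
    tree = ast.parse(source)
    func = next(n for n in ast.walk(tree)
                if isinstance(n, ast.FunctionDef) and n.name == func_name)
    fb = FlowchartBuilder()
    start = fb.new_node(f"start {func.name}({ast.unparse(func.args)})", "ellipse")
    exits = fb.build_body(func.body, [(start, "")])
    if exits:  # control falls off the end without an explicit return
        fb.connect(exits, fb.new_node("end", "ellipse"))
    return fb


def _esc(s):
    return s.replace("\\", "\\\\").replace('"', '\\"')


def to_dot(fb, title="flowchart"):
    """Render the builder as Graphviz DOT (pipe the output into `dot -Tpng`)."""
    out = [f'digraph "{_esc(title)}" {{', '  node [fontname="monospace"];']
    for nid, label, shape in fb.nodes:
        out.append(f'  {nid} [label="{_esc(label)}", shape={shape}];')
    for src, dst, label in fb.edges:
        attr = f' [label="{_esc(label)}"]' if label else ""
        out.append(f"  {src} -> {dst}{attr};")
    out.append("}")
    return "\n".join(out)


# Constructed sample: an upload handler with one validation branch.
SAMPLE = '''
def save_upload(req, allowed):
    name = req.getParameter("filename")
    if not name.endswith(allowed):
        log("rejected " + name)
        return None
    path = "/upload/" + name
    write_file(path, req.body)
    return path
'''

if __name__ == "__main__":
    print(to_dot(build_flowchart(SAMPLE, "save_upload"), "save_upload"))
```

For a reviewer the value is the shape of the graph rather than the picture itself: every diamond is a decision whose branches need checking, and a path from the start ellipse to a write or return that never passes through a validation diamond is the first thing to look at.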

Below are several flowchart tools I found, downloaded, and tested while searching through Google.

– Visustin 7

Unfortunately, this tool is a commercial product, but it supports a wide range of programming languages—approximately 35 in total—including ABAP, Ada, Ruby, SAS, COBOL, and Fortran, in addition to common modern languages.
Its GUI is clean and simple, making it easy to understand the logic of the source code. When a file is selected, the tool generates both summary-level and detailed flowcharts for the code.

In the demo version, only a single source file can be converted into a flowchart, whereas the commercial version allows processing multiple source files.
In addition to offering other utilities, the tool also provides an export function that outputs generated flowcharts to MS Word or Visio, which can be extremely useful depending on the purpose.
* Download: http://www.aivosto.com/shareware/visus710.zip

– Code Visual to Flowchart 2.0

This tool is also a commercial product, and the demo version is limited to 30 uses. It supports around ten programming languages, including Java, C, and PHP.
Like other similar tools, it generates both summary-level and detailed flowcharts, and it provides sample code for each supported language, allowing users to understand how flowcharts will appear for different languages.

In addition to generating flowcharts for the entire source file, the tool also offers the ability to select specific sections of code and produce flowcharts only for those targeted areas.
* Download: http://www.fatesoft.com/s2f/download/CodeVisual2FlowChart.exe

* String search keywords
These are the strings I search for across the target source tree to find parameter handling, database access, file upload/download, credential and administrator functionality, and configuration files worth a closer look:
getparam, parameter, request, DB, select, where, hidden, forward, forwarding, file, upload, fileup*, file_up*, down, filedown*, file_down*, save, password, passwd, admin, root, manager, 관리자 (administrator), member, bak, old, common module, editor, filter, security, 보안 (security), xls*, excel, json, card, credit, resident registration number, jumin, .xml, .properties, jdbc, odbc, test, "url="
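
As an added example (my own script, not code from AstroGrep or PowerGREP), the following Python scanner does the same job as the GUI tools on a keyword list like the one above: it compiles the keywords into one case-insensitive pattern, treats a trailing `*` as a prefix wildcard, applies an exclusion pattern (here: comment-only lines), and reports each hit with its line number, the keywords that fired and the surrounding context lines, over a whole source tree. The JSP fragment, the file-extension list and the comment-exclusion regex are constructed for the illustration; the keyword subset is taken from the list above.

```python
import re
from pathlib import Path

# Subset of the keyword list above; a trailing '*' (as in "fileup*") is a
# prefix wildcard, the way the GUI search tools treat it.
KEYWORDS = [
    "getparam", "request", "select", "where", "hidden", "fileup*", "file_up*",
    "filedown*", "file_down*", "password", "passwd", "admin", "jdbc", "url=",
]


def keyword_regex(keywords):
    """Compile the keyword list into one case-insensitive alternation.

    re.escape turns '*' into '\\*'; that is swapped for '\\w*' so 'fileup*'
    matches FileUpload or fileUploader but not 'file upload'.
    """
    parts = [re.escape(k).replace(r"\*", r"\w*") for k in keywords]
    return re.compile("|".join(parts), re.IGNORECASE)


def scan_text(text, pattern, exclude=None, context=1):
    """Return one hit per matching line: line number, keywords, context lines.

    `exclude` is an optional compiled regex; lines matching it are skipped,
    which is the 'exclusion string' feature of the GUI tools.
    """
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        if exclude is not None and exclude.search(line):
            continue
        found = sorted({m.group(0).lower() for m in pattern.finditer(line)})
        if not found:
            continue
        lo, hi = max(0, i - context), min(len(lines), i + context + 1)
        hits.append({"line": i + 1, "keywords": found, "context": lines[lo:hi]})
    return hits


def scan_tree(root, pattern, suffixes=(".java", ".jsp", ".xml", ".properties"),
              exclude=None, context=1):
    """Walk a source tree and return {path: hits} for every file with matches."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = scan_text(text, pattern, exclude, context)
        if hits:
            results[str(path)] = hits
    return results


# Constructed sample: a JSP fragment of the kind these keywords are meant to surface.
SAMPLE_JSP = """<%
String id = request.getParameter("id");
String sql = "SELECT * FROM member WHERE id='" + id + "'";
// TODO: admin check
String adminPass = "P@ssw0rd";
%>"""

# Exclusion pattern (assumed for the example): lines that are only a comment.
COMMENT_ONLY = re.compile(r"^\s*(//|\*|/\*)")


def demo():
    """Scan the sample fragment with the keyword list; returns the hits."""
    return scan_text(SAMPLE_JSP, keyword_regex(KEYWORDS), exclude=COMMENT_ONLY)


if __name__ == "__main__":
    for hit in demo():
        print(f"line {hit['line']}: {', '.join(hit['keywords'])}")
        for ctx in hit["context"]:
            print("    " + ctx)
```

Run `scan_tree("path/to/src", keyword_regex(KEYWORDS), exclude=COMMENT_ONLY)` against a real checkout to get the same file list / context view the GUI tools give, in a form that can be diffed between assessment rounds. The exclusion is deliberately narrow: it hides comment-only lines so `TODO: admin check` does not drown the real `admin` hits, but a trailing comment on a code line still gets reported.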