security-analysis

Procedures for security vulnerability analysis and code auditing.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "security-analysis" with this command: npx skills add kinhluan/skills/kinhluan-skills-security-analysis

Security Analysis

Procedures for security vulnerability analysis and code auditing.

When to Use

  • Reviewing code for security vulnerabilities

  • Conducting security audits

  • Implementing security best practices

Core Principles

  • Assume All External Input is Malicious - Validate and sanitize all user input

  • Principle of Least Privilege - Only grant necessary permissions

  • Fail Securely - Never expose sensitive information in errors

Vulnerability Categories

Injection (OWASP A03)

Look for:

  • SQL queries with string concatenation

  • Shell commands with user input

  • Template injection vulnerabilities

VULNERABLE

query = f"SELECT * FROM users WHERE id = {user_id}"

SECURE

query = "SELECT * FROM users WHERE id = %s"
cursor.execute(query, (user_id,))

Broken Authentication (OWASP A07)

Check for:

  • Weak session token generation

  • Missing rate limiting on auth endpoints

  • Insecure password reset flows

Sensitive Data Exposure (OWASP A02)

Check for:

  • Hardcoded secrets in code

  • PII in logs

  • Unencrypted sensitive data storage

VULNERABLE - PII in logs

logger.info(f"Processing payment for {user_email}: ${amount}")

SECURE

logger.info(f"Processing payment for user_id={user_id}: ${amount}")

Security Misconfiguration (OWASP A05)

Check for:

  • Debug mode enabled in production

  • Verbose error messages

  • Unnecessary services/ports exposed

Analysis Procedure

  • Identify Sources - where untrusted or sensitive data enters: user input, API parameters, files

  • Trace to Sinks - where that data ends up: logs, external APIs, responses, database queries

  • Check for Sanitization - validation, output encoding, query parameterization on every source-to-sink path

  • Assess Severity - Critical, High, Medium, Low (see Severity Levels below)
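The source-to-sink procedure above can be mechanised for the two code patterns this page shows (SQL built with string formatting and PII interpolated into log messages). The following checker is an added example, not part of the upstream skill; the SAMPLE module, the PII_HINTS name list and the severity mapping are constructed assumptions.

```python
import ast

# Constructed sample module: one query built by f-string, one parameterized,
# one log line leaking an e-mail address, one logging only a user id.
SAMPLE = '''
def lookup(cursor, user_id, user_email, amount):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    cursor.execute(query)
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
    logger.info(f"Processing payment for {user_email}: ${amount}")
    logger.info(f"Processing payment for user_id={user_id}: ${amount}")
'''

# Assumed substrings that mark a variable name as carrying PII.
PII_HINTS = ("email", "phone", "ssn", "password", "card")
LOG_METHODS = ("debug", "info", "warning", "error", "critical")


def find_issues(source):
    """Return (severity, line, message) tuples for sinks fed by formatted strings."""
    tree = ast.parse(source)
    # Sources: remember `name = <expr>` so `query = f"..."` then execute(query) is caught.
    assigned = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and len(node.targets) == 1 \
                and isinstance(node.targets[0], ast.Name):
            assigned[node.targets[0].id] = node.value
    issues = []
    for node in ast.walk(tree):
        # Sinks: method calls such as cursor.execute(...) or logger.info(...)
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.args):
            continue
        arg = node.args[0]
        if isinstance(arg, ast.Name):          # resolve through one assignment
            arg = assigned.get(arg.id, arg)
        formatted = isinstance(arg, (ast.JoinedStr, ast.BinOp))
        if node.func.attr == "execute" and formatted:
            # No parameterization between source and SQL sink: Critical per severity table
            issues.append(("Critical", node.lineno, "SQL built from string formatting"))
        elif node.func.attr in LOG_METHODS and isinstance(arg, ast.JoinedStr):
            names = {n.id for v in arg.values if isinstance(v, ast.FormattedValue)
                     for n in ast.walk(v) if isinstance(n, ast.Name)}
            leaked = sorted(n for n in names if any(h in n.lower() for h in PII_HINTS))
            if leaked:                          # PII reaching a log sink: treated as High
                issues.append(("High", node.lineno, "PII in log: " + ", ".join(leaked)))
    return sorted(issues, key=lambda issue: issue[1])


if __name__ == "__main__":
    for severity, line, message in find_issues(SAMPLE):
        print(f"{severity:<8} line {line}: {message}")
```

The checker resolves only one level of assignment; a full audit still needs the manual trace described in the procedure for data that passes through helper functions.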

Severity Levels

Level     Impact                    Example
Critical  RCE, full compromise      SQL injection with RCE
High      Data breach, auth bypass  IDOR on sensitive data
Medium    Limited data access       Reflected XSS
Low       Minor info disclosure     Verbose errors

Resources

  • OWASP Top 10

  • CWE/SANS Top 25

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
