Skip to content

Update and rename Code Streams.md to Code streams.md #251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Ambg05 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update and rename Code Streams.md to Code streams.md #251

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ed0315e
Update and rename Code Streams.md to Code streams.md
Ambg05 Oct 10, 2016
15f061b
Update and rename Code streams.md to Code Streams.md
Ambg05 Oct 10, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions content/21.From-Audio/to-fix-transcription/Misc/Code Streams.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
**Code Streams**
### Code Streams

Once I had the method streams, I started to look at what else could I do with it and I realized that I could also start to follow the individual code assignment. So what I did was I created what I call code streams which is basically each individual path as I was basically able to calculate them.
Once I had the method streams, I started to look at what else could I do with them. I realized that I could also start to follow the individual code assignment. I created what I call code streams, which is basically each individual path as I was able to calculate them.

So, you follow variable assignments,you follow variable being called and then you come up with basically a list of location source code and the exact locations in the actual column and line of where the call is. And basically by that you actually have the equivalent of what a lot of static analysis engines actually do which you basically have source to sync technology being followed.
You follow variable assignments, you follow the variables being called and then you come up with a list of location source code and the exact locations in the column and line of where the call is. You now have the equivalent of what a lot of static analysis engines do: you have source to sync technology being followed.

And the key power of this is both method streams and code streams have API so you can program it. So in a way the real value came after you had this technique. So I remember a case where I basically was able to glue calls. So for example a particular web services calls so I could create a method stream that would join them and where the code stream now would basically start on a website and then transverse to web service, ends on a SQL statement.
The key power of this is both method streams and code streams have API so you can program them. The real value comes after you have developed this technique. I remember a case where I was able to glue calls. I was able to glue a particular web service's calls so I could create a method stream that would join them. The code stream now started on a website, then transversed to a web service, and ended on a SQL statement.

I was able to do things where I would resolve SQL queries through procedure perimeters and then inject the code of the start procedure in the actual file at a place where there was XML validation or parsing occurring before you hit the web service, so I was able also to put that at the top so I was able to confirm which fields are actually tainted even from the point of view of the web service.
I was able to do things where I would resolve SQL queries through procedure perimeters, and then inject the code of the start procedure in the actual file at a place where XML validation or parsing occurred before I hit the web service. This allowed me to put that at the top so I was able to confirm which fields were tainted, even from the point of view of the web service.

And that was something that actually worked really well because again from a code review point of view, you have all the information available. And I think that is what we should be able to aim, we should aim to grab any point in the application but namely the methods that are exposed to attackers so basically the attack surface and be able to say, "show me all the code that goes from here, show me all the methods, all the variables, all dependencies, all the filters in a way every bit of line of code that passes through here".
That worked really well because, again from a code review perspective, I had all the information available. That is what we should aim for: we should aim to grab any point in the application, but namely the attack surface, or the methods that are exposed to attackers, and we should be able to say, "Show me all the code that goes from here, show me all the methods, all the variables, all the dependencies, all the filters. In short, show me every bit of line of code that passes through here".

And that is when you really get good sense of what is going on and actually what is really happening on the application.
And that is when you really get a good sense of what is going on and what is really happening on the application.