Authors: linkedin, twitter, whatever links
Disclaimer: It is still under research, this guide can be extended.
Introduction to framework or technology the paper is dedicated to, or the TL;DR
- Create a check list based on the
review methodologysection -
some rules are not defined ... -
app has no internal sanitization while using this function check smth ... -
review this function for rce ... -
…
Intro to the review, provide a short bio of the framework / technology / language
If the setup is needed, what to do, add code snippets, commands, methods to get started.
If the framework has a complex architecture, it makes sense to tell abstract what it is, where to look at, make brief summary how it is located in the code etc …
The main reason we are doing this project it is not just to include the sinks, we need to give our complex review of the problem.
- Show the sink
- Define the attack surface
- Tell where and why in those places the vulns can appear, how function here works, add charts, add visual support (images, videos, charts) for better understanding
- Include examples with vulnerable source code
- Is there any detailed case study? Provide the link
- Way to identify the issue through the source code
If vulnerability has subcategories we can split them into parts, to make it easier for the reader to consume the information, it is for better structuring
- link
- link
- link