Can you spot the vulnerability? #codeadvent2022 #PHP #appsec

It is always challenging for developers to account for multiple operating systems...

https://www.sonarsource.com/knowledge/code-challenges/advent-calendar-2022/?day=24

the home of clean code

Sonar’s industry-leading solution enables developers and development teams to write clean code and remediate existing code organically.

Can you spot the vulnerability? #codeadvent2022 #C #appsec

Is there a way to hit very-sensitive-internal.service?
No TOCTOU here, as the targeted service validates the Host header very strictly.

https://www.sonarsource.com/knowledge/code-challenges/advent-calendar-2022/?day=23

Can you spot the vulnerability? #codeadvent2022 #csharp #appsec

It's just doing a dummy build, so what could go wrong?

https://www.sonarsource.com/knowledge/code-challenges/advent-calendar-2022/?day=22

Sonar Research on Twitter

“Can you spot the vulnerability? #codeadvent2022 #csharp This new log ingestion server is super efficient. Let's hope nobody can inject log messages! https://t.co/92rurdax8l”

“Can you spot the vulnerability? #codeadvent2022 #JS The administrator is happy to click on any of the links you'll send them, what could go wrong? https://t.co/3BmMOgtZGA”

“Can you spot the vulnerability? #codeadvent2022 #Python Who's to blame for this bug? https://t.co/Ho766cpLyz”

“Can you spot the vulnerability? #codeadvent2022 #Java Sanitization can be tricky, is there a way to exploit this application? https://t.co/JhKcXbONYQ”

“Can you spot the vulnerability? #codeadvent2022 #Java Complex systems are often composed of multiple services communicating with each other. Can you determine how an attacker can leverage this architecture here? https://t.co/p6rQTdPgUb”

“Can you spot the vulnerability? #codeadvent2022 #Python Urgh, the maintainers of unstable-avatar-service.tld are breaking their DNS every now and then. What do you think of this new version of my avatar proxy? https://t.co/vTkzDX2a0N”

Can you spot the vulnerability? #codeadvent2022 #Java #appsec

Complex systems are often composed of multiple services communicating with each other. Can you determine how an attacker can leverage this architecture here?

https://www.sonarsource.com/knowledge/code-challenges/advent-calendar-2022/?day=21