Learning Thick Client VAPT with me. Part 9. Source Code Analysis.
Hey all.
Today, we will learn about source code review of our thick client application. For that, we will use Visual Code Grepper (VCG).
We can download that from: https://sourceforge.net/projects/visualcodegrepp/
Or from here: https://github.com/nccgroup/VCG
Install it and open it. We can see it can check an application written in any one of those 7 languages.
Now we know our thick client is built with .NET, so we should select C# as the language and then scan the whole directory. Here I have used the whole DVTA folder, as we need to scan all the components that are written in C#.
Now we need to select the directory from the File menu of Visual Code Grepper. Then select our whole folder.
Once done, we can see it picked up all the necessary files.
Now we need to go to the Scan menu and click on Full Scan.
We can see all the potential vulnerabilities listed by severity.
We can report these. We can also check whether the flagged code is actually unsafe or not by reading the code ourselves or by some googling.
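The manual check described above, as an added example (not code from this post or from VCG): a small Python triage pass over a constructed C# sample, where a keyword hit on `SqlCommand` is followed back to the query string to separate concatenated SQL from a parameterized query. The C# sample, the `triage` function and its heuristics are assumptions made for illustration.

```python
import re

# Constructed C# sample (not taken from DVTA). Both methods create a SqlCommand,
# so a keyword-based scan flags both, but only the first one is injectable.
SAMPLE_CS = '''\
public bool Login(string user, string pass) {
    string q = "SELECT * FROM users WHERE username='" + user + "' AND password='" + pass + "'";
    SqlCommand cmd = new SqlCommand(q, conn);
    return cmd.ExecuteReader().HasRows;
}
public bool LoginSafe(string user, string pass) {
    string q = "SELECT * FROM users WHERE username=@u AND password=@p";
    SqlCommand cmd = new SqlCommand(q, conn);
    cmd.Parameters.AddWithValue("@u", user);
    cmd.Parameters.AddWithValue("@p", pass);
    return cmd.ExecuteReader().HasRows;
}
'''

KEYWORD = re.compile(r'\bnew\s+SqlCommand\s*\(\s*(\w+)')   # the "grep" hit
CONCAT = re.compile(r'"\s*\+\s*\w|\w\s*\+\s*"')            # literal joined with '+'
SQL_WORD = re.compile(r'\b(SELECT|INSERT|UPDATE|DELETE)\b', re.I)

def triage(source, lookback=10):
    """Return [(line_no, verdict)] for every SqlCommand construction found."""
    lines = source.splitlines()
    results = []
    for i, line in enumerate(lines):
        hit = KEYWORD.search(line)
        if not hit:
            continue
        # Follow the query variable back to its most recent assignment.
        assign = re.compile(r'\b' + re.escape(hit.group(1)) + r'\s*=(.*)')
        verdict = "needs manual review"
        for prev in reversed(lines[max(0, i - lookback):i]):
            found = assign.search(prev)
            if found:
                rhs = found.group(1)
                if SQL_WORD.search(rhs) and CONCAT.search(rhs):
                    verdict = "likely injectable: concatenated SQL"
                elif SQL_WORD.search(rhs) and "@" in rhs:
                    verdict = "likely false positive: parameterized"
                break
        results.append((i + 1, verdict))
    return results

if __name__ == "__main__":
    for line_no, verdict in triage(SAMPLE_CS):
        print(f"line {line_no}: {verdict}")
```

Anything the heuristic cannot classify stays at "needs manual review", which is the case where reading the surrounding code is still required.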
We have learned the source code analysis of our thick client application. Let’s meet in the next part.