We provide static and source code analysis using commercial and open source tools. Our Security Code Analysis (SCA) offering identifies vulnerabilities in source code that dynamic analysis alone can miss. The source is scanned for common weaknesses such as missing input validation, buffer overflows, misuse of memory allocation functions and other defects that can become exploitable vulnerabilities in the application. Static analysis examines every code path, including ones a running test may never exercise, so when it is combined with dynamic testing (penetration testing) it gives a deeper level of security assurance than either approach alone.
Source code analysis follows these basic process steps:
Setup – loading the code into an appropriate IDE and building the application, so that the analysis tools work against a complete, compiling code base
Automated code analysis using commercial and open source tools
Manual verification of findings – each tool result is confirmed or dismissed as a false positive before it is reported
Manual analysis – review of the areas automated tools cover poorly, such as use of encryption, authentication controls, unvalidated input, session controls, error handling and many others
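The following is an added example of how the automated-analysis and manual-verification steps fit together; it is not the firm's tooling and the C source it scans is constructed for illustration. The rules are deliberately simple pattern matches standing in for a real analyzer, and the `verify` step encodes the kind of evidence a reviewer gathers by hand (the declared size of the destination buffer) to separate true positives from false positives before anything goes into a report. The CWE identifiers are real; the sample program, function and variable names are assumptions made for the example.

```python
"""Toy static scan of a C file, followed by triage of the raw findings.

Added example, not the page's own tooling. SAMPLE_C is constructed: it has
two real buffer problems (strcpy from argv, gets), one unchecked malloc(),
and one benign strcpy of a short literal that a naive rule flags anyway.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample program (hypothetical; written for this example).
SAMPLE_C = r'''
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char **argv) {
    char name[16];
    char greeting[64];
    char line[128];
    char *buf = malloc(256);
    strcpy(greeting, "hello");          /* safe: 6 bytes into 64 */
    strcpy(name, argv[1]);              /* unsafe: attacker-controlled length */
    gets(line);                         /* unsafe: no bound at all */
    buf[0] = 0;                         /* unsafe: malloc result never checked */
    printf("%s %s %s\n", greeting, name, line);
    return 0;
}
'''

# Rule table: dangerous sink -> CWE id. A real tool has hundreds of these.
UNSAFE_CALLS = {
    "gets": "CWE-242",     # inherently dangerous function
    "strcpy": "CWE-120",   # copy without checking size of input
    "strcat": "CWE-120",
    "sprintf": "CWE-120",
}

DECL_RE = re.compile(r'\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]')          # char buf[N];
CALL_RE = re.compile(r'\b(\w+)\s*\(([^;]*)\)\s*;')                 # f(args);
MALLOC_RE = re.compile(r'\b(\w+)\s*=\s*(?:\([^)]*\)\s*)?malloc\s*\(')  # p = malloc(


@dataclass
class Finding:
    line: int
    rule: str
    func: str
    args: str
    status: str = "needs verification"


def scan(source: str) -> list[Finding]:
    """Step 2 (automated): one pass over the source, emitting raw findings."""
    findings: list[Finding] = []
    unchecked: dict[str, int] = {}  # pointer var -> line of its malloc()
    for lineno, text in enumerate(source.splitlines(), 1):
        code = text.split("/*")[0]  # ignore trailing C comments
        m = MALLOC_RE.search(code)
        if m:
            unchecked[m.group(1)] = lineno
            continue
        for m in CALL_RE.finditer(code):
            func, args = m.group(1), m.group(2).strip()
            if func in UNSAFE_CALLS:
                findings.append(Finding(lineno, UNSAFE_CALLS[func], func, args))
        for var in list(unchecked):
            # A NULL test clears the pointer; a dereference before one is a finding.
            if re.search(rf'\bif\s*\(\s*!?\s*{var}\b', code) or \
               re.search(rf'\b{var}\s*[!=]=\s*NULL', code):
                del unchecked[var]
            elif re.search(rf'\b{var}\s*\[', code) or re.search(rf'\*\s*{var}\b', code):
                findings.append(Finding(lineno, "CWE-476", "malloc", var))
                del unchecked[var]
    return sorted(findings, key=lambda f: f.line)


def verify(source: str, findings: list[Finding]) -> list[Finding]:
    """Step 3 (manual verification, encoded): triage each finding with evidence.

    For strcpy, look up the destination's declared size; if the source is a
    string literal that fits (counting the NUL), the finding is a false
    positive. Escape sequences are counted as written, which over-estimates
    length and therefore errs on the side of keeping the finding.
    """
    sizes = {name: int(n) for name, n in DECL_RE.findall(source)}
    for f in findings:
        if f.func == "strcpy" and "," in f.args:
            dst, src = (a.strip() for a in f.args.split(",", 1))
            lit = re.fullmatch(r'"((?:[^"\\]|\\.)*)"', src)
            if lit and dst in sizes and len(lit.group(1)) + 1 <= sizes[dst]:
                f.status = "false positive (literal fits destination)"
                continue
        f.status = "confirmed"
    return findings


def confirmed_lines(source: str) -> list[int]:
    """Lines that survive triage and belong in the report."""
    return [f.line for f in verify(source, scan(source)) if f.status == "confirmed"]


if __name__ == "__main__":
    for f in verify(SAMPLE_C, scan(SAMPLE_C)):
        print(f"line {f.line:>3}  {f.rule}  {f.func}({f.args})  -> {f.status}")
```

Run as a script it lists four raw findings and marks the `strcpy(greeting, "hello")` one as a false positive, leaving three confirmed results. Real analyzers replace the pattern rules with data-flow analysis across functions, but the workflow is the same: the tool produces candidates, and a reviewer with the declared types and sizes in front of them decides what is reportable.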