Build resilient applications
Source code review is a Foregenix service that examines a client’s application at the level of its codebase. It complements the Web Application service offering: where a penetration test exercises the running application dynamically, a source code review examines the application statically, reading the code rather than probing the deployed system.
Foregenix’s Source Code Review inspects application source code to identify vulnerabilities that arise from the use of insecure or outdated libraries, or from application logic that does not adequately implement security requirements (such as authentication, authorisation and input validation). Because it works directly from the code, it is the most direct way to gain deep and efficient insight into existing and potential application vulnerabilities.
We recommend this service where the application is too large or too complex to be covered thoroughly by a standard penetration test in the time available.
A web application penetration test is a dynamic exercise: it covers the functionality and data reachable from the test accounts provided to our analysts at the time of the test, and it is limited to them. If a feature is only reachable by users who hold a particular set of data (for example a specific account state or record type) that the test accounts lack, the analyst cannot see that feature and it remains untested.
Source code review removes this limitation. Because it works at the code level, every code path is available for inspection, including those that no test account could reach during a penetration test.
To perform this service, Foregenix requires access to the complete application source code together with the libraries it depends on, so that there are no blind spots. The code is then analysed for security vulnerabilities.
The deliverable of the Source Code Review service is a report detailing every security vulnerability identified during the inspection of the source code.