• Identify potential vulnerabilities
• Achieve a deep insight into application security
• Gain a static perspective
• Receive reports detailing issues with remediation guidance
Source code review and analysis is a service that aims to have a deep look inside the codebase of your application. This service is intended as a complement to the Web Application service offering and looks at the application from a static perspective versus the dynamic approach that penetration testing offers.
Foregenix’ Source Code Review & Analysis examines application source code to identify vulnerabilities resulting from the use of insecure libraries or application logic which does not adequately consider security requirements. The Source Code Review & Analysis is the most effective mechanism to achieve a deep and efficient insight into existing or potential application vulnerabilities.
We recommend this service in cases where the application is too big or complex to be covered by standard penetration testing in a timely and thorough manner.
A web application penetration test is a dynamic exercise, executed against the snapshot of functionality and data assigned to the accounts provided to our analysts. The test is also limited by those accounts: if access to a piece of functionality depends on data that the sample application user lacks, the analyst is blind to that functionality and it remains untested.
Source code review takes away this limitation since it looks at the application at the code level, hence providing access to all code paths.
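To illustrate the point about code paths, here is a small added example (not Foregenix' tooling, nor code from the page) of the static perspective: a walker over a constructed sample application that inspects every call in the module, including a branch that only premium accounts would ever reach at runtime. The sample source, the sink list and the `is_premium` gate are all assumptions made for the example; a real review uses a far larger list of sinks and manual analysis of application logic.

```python
import ast
from dataclasses import dataclass

# Constructed sample application code (not from any real project). The
# risky call sits behind a branch that only premium accounts reach, so a
# dynamic test driven from an ordinary account never executes it, while a
# static walk over the source still sees it.
SAMPLE_SOURCE = '''
import os
import subprocess

def export_report(user, name):
    if user.is_premium:
        # only reachable for premium accounts
        os.system("gen-report " + name)
    return "queued"

def run_job(cmd):
    return subprocess.run(cmd, shell=True)

def safe_job(args):
    return subprocess.run(args)
'''

# Sinks treated as findings for this example; a real review uses a much longer list.
DANGEROUS_CALLS = {"eval", "exec", "os.system", "os.popen"}
SHELL_CALLS = {"subprocess.run", "subprocess.Popen",
               "subprocess.call", "subprocess.check_output"}


@dataclass
class Finding:
    line: int
    call: str
    reason: str


def _dotted_name(node):
    """Return an 'os.system'-style name for a call target, or None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def find_dangerous_calls(source):
    """Walk every node of the parsed module, so each branch is inspected
    regardless of whether any test account could reach it at runtime."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name in DANGEROUS_CALLS:
            findings.append(Finding(node.lineno, name, "command/code execution sink"))
        elif name in SHELL_CALLS:
            # subprocess is only flagged when the call opts into a shell
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append(Finding(node.lineno, name, "shell=True"))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in find_dangerous_calls(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.call} ({f.reason})")
```

Running the block reports the `os.system` call inside the premium-only branch and the `subprocess.run(..., shell=True)` call, and stays silent on the argument-list form of `subprocess.run`. A finding like the first one is exactly what a dynamic test with a non-premium account cannot surface.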
To perform this service, we require access to all application source code and related libraries to ensure there are no blind spots. The source code is subsequently analysed for security vulnerabilities.
The final deliverable of the Source Code Review & Analysis service offering is a report detailing all the security vulnerabilities that were identified during the inspection of the source code.
1. Review and improve your Software Development Life Cycle to build security as part of your application’s DNA.
2. Identify and prioritise weaknesses in code that are critical to your use cases in a cost-effective manner.
3. Help your organisation retain the knowledge. Identify skill gaps and provide education to your development team.