Source Code Analysis

Description

Source code analysis is the automated and manual testing of source code, with the aim of finding and fixing security issues before the application is installed, sold, or distributed.

Source code analysis is synonymous with static code analysis: the source code is analyzed as code, without the program running.

It concentrates on finding faults already present in the code that could cause problems later, when the application is running.

Benefits

Get an independent opinion about the source code.

Be sure that the code running in your environment is secure.

Get a comprehensive report of findings and recommendations.

What we test

We perform automatic source code analysis with the best SAST tools. After the automated tests, a manual source code review is performed to identify other issues that the SAST tools missed.

Methodology

1. Kick-off meeting

It’s time to define all the details of the project.

2. Automatic static analysis

We’ll let the code run through the SAST tool to identify weak points.

3. Manual analysis

We’ll identify the weak points in the code and perform a manual code review.

4. Reporting

We’ll prepare a detailed report about issues found in the source code.

5. Post activities

We will be there for you to help you fix the code and verify the fixes.