Source Code Audit
Manual Review
Automated Scanning
Detailed Reporting
Source Code Audit
Uncovering vulnerabilities at the source. Ideally carried out as part of the software development lifecycle, this activity identifies places in an application's source code that violate secure coding practices and leave gaps an attacker could exploit. Manual code review is performed on top of automated scans to catch what scanners miss: logic bombs, backdoors, and other vulnerabilities that depend on understanding the application's intent.
Our Process
The strategy and logistics for the engagement are discussed and agreed upon.
The source code is handed over through the agreed secure medium.
Static Application Security Testing (SAST) tools are used to scan the source code for potential vulnerabilities, security flaws, and coding issues.
Automated scan results are manually validated, and the source code is manually reviewed to identify complex or subtle security issues.
Findings, supporting evidence, and a recommendation for each finding are consolidated into a written report.
Remediation carried out to address the vulnerabilities in the submitted report is verified.