Source Code Analysis

As the enterprise today is under continuous threat from hackers and malicious attacks, source code analysis has become a top priority. By reviewing internally developed applications before they are deployed and third-party software before it is purchased, enterprises can find and fix software vulnerabilities before they can be exploited for malicious purposes.

Source code analysis is the automated testing of source code for the purpose of find security flaws in a computer program or application before it is distributed or sold. Ideally, such tools would automatically find security flaws with such a high degree of confidence that what's found is indeed a flaw.

Source code analysis can be either Static or Dynamic.

In static analysis, debugging is done by examining the code without actually executing the program.

In dynamic analysis, test is performed in an effort to uncover more subtle defects or vulnerabilities. Dynamic analysis consists of real-time program testing.

Our team supports and test a wide variety of development environments, languages, platforms, and frameworks to enable security reviews in mixed development and production environments.

Supported languages:

 

ABAP/BSP

ActionScript/MXML (Flex)

ASP.NET, VB.NET, C# (.NET)

C/C++

Classic ASP (w/VBScript)

COBOL

ColdFusion CFML

HTML

Java (including Android)

JavaScript/AJAX

JSP

Objective-C

PHP

PL/SQL

Python

T-SQL

Ruby

Swift

Visual Basic

VBScript

XML