Source Code Analysis Service
Apart from educating developers, the most efficient method of preventing application vulnerabilities is analysis of the source code and its design. Certain vulnerabilities, caused by factors such as carelessness in application development, negligence, malicious intent or ignorance, can be very difficult to identify by other methods; these may only be identified through source code inspection and analysis.
The detection of vulnerabilities during penetration tests depends on factors such as the users' rights, the scope of the test scenario and the component in which the vulnerability is located. It is not possible to test a given application from all possible perspectives. Detecting vulnerabilities without neglecting any particular scenario only becomes possible when analyzing the application source code. For example, in a web application, it may not be possible to detect vulnerabilities in a batch process simply by performing a penetration test, but detection becomes possible with source code analysis.
Source code analysis can also help identify logical errors and malicious sections of code which would otherwise be impossible to detect.
Biznet provides source code analysis as follows:
Basic source code analysis includes evaluation by Biznet experts of the results gathered from source code analyses carried out with automatic tools. A summary is then prepared, indicating the vulnerabilities found and suggested solutions. This package is suitable for clients with low-cost service demands.
The detailed source code analysis service provides a detailed report prepared using both automatic tools and Biznet staff with expertise in application development. Detailed suggestions are prepared, in the form of reports, for any vulnerabilities detected during analysis. Training in safe application development based on the specific vulnerabilities found in the applications can also be provided according to the needs of the client.