Source Code Analysis

The software you use and develop will contain inefficiencies and vulnerabilities. This is inevitable. Utilizing Integris Security's Source Code Analysis offerings will minimize the existence of these source code defects and the risk they create. Our in-depth examination of your code allows our security analysts to look for vulnerabilities "behind the curtain". The process of discovering vulnerabilities that affect Confidentiality, Integrity and Accessibility is conducted by direct analysis of the software's source code. Establishing the quality of source code within a security context is extremely important to your company, its employees and, most importantly, its customers. This class of security testing allows the detection and prevention of malicious back doors, logic flaws and many other vulnerabilities. There are two methods of source code analysis: static and manual.

  • Static Source Code Analysis is the process of scanning source code for security vulnerabilities in an automated fashion. These scans are conducted by trained security analysts using the industry's best toolkits. This process is quick, is typically lower in cost per line of code and can provide high-level insight into source code quality.
  • Manual Source Code Analysis is the process of a security analyst manually inspecting source code. Although this process is more time consuming, it allows for deeper insight into more complex and higher-risk vulnerabilities: those typically missed by Static Source Code Analysis, for example business logic flaws, timing-based attacks, insecure cryptographic storage routines and others. This method of analysis provides the most exacting and complete results.
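
The distinction between the two methods can be seen in a few lines of code. The example below is added here to illustrate the point; it is not Integris Security's tooling, and the rule set, the sample module and the function names are constructed for this demonstration. A pattern-based scan over the module's syntax tree reports the `eval()` call and the weak hash immediately, but says nothing about the token comparison on the last line, whose defect (a comparison whose running time depends on where the strings first differ) has no banned identifier to match and is the kind of finding that comes from a reviewer reading the logic.

```python
"""Pattern-based static scan versus a defect only manual review catches.

Added example, not Integris Security's own tooling. The rule set and the
sample module below are constructed for this demonstration.
"""
import ast
import hmac
from typing import List, Optional, Tuple

# Constructed sample: a small module as a scanner would receive it.
SAMPLE_SOURCE = '''
import hashlib

def run_report(expr):
    return eval(expr)          # dangerous call: trivial for a scanner to spot

def store_password(pw):
    return hashlib.md5(pw.encode()).hexdigest()   # weak hash, also pattern-detectable

def check_token(supplied, expected):
    return supplied == expected   # timing leak: no banned name, so a rule-based scan is silent
'''

# Assumed rule set (constructed): call names a pattern-based scanner flags.
BANNED_CALLS = {"eval": "code execution via eval()", "exec": "code execution via exec()"}
WEAK_HASHES = {"md5", "sha1"}


def _call_name(node: ast.Call) -> Optional[str]:
    """Return 'eval' for eval(...) or 'hashlib.md5' for hashlib.md5(...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def scan_source(source: str) -> List[Tuple[int, str]]:
    """Automated scan: return (line, message) for every rule hit in the source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in BANNED_CALLS:
            findings.append((node.lineno, BANNED_CALLS[name]))
        elif name and name.startswith("hashlib.") and name.split(".")[1] in WEAK_HASHES:
            findings.append((node.lineno, f"weak hash {name} used"))
    return sorted(findings)


def check_token_hardened(supplied: str, expected: str) -> bool:
    """The fix a manual reviewer would ask for: compare_digest's running time does
    not depend on the position of the first differing byte."""
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    for line, msg in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {msg}")
    # Nothing is printed for line 11, the timing-sensitive comparison.
```

Running the block prints the two rule hits (lines 5 and 8 of the sample) and nothing for line 11; the hardened comparison is the change a manual review would recommend for that line.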
