Website Source Code Security Analysis service
eVuln experience in Source Code Security Analysis
Source Code Review is our main activity (not only for commercial reasons). We look for new vulnerabilities in open source applications and release security advisories. The result of this work is widely represented in the Internet.
Source Code Audit cost
We offer Source Code Security Analysis of web applications or websites starting
Secure Website Conception
Vulnerabilities in web applications are the easiest way to penetrate into the system. If you would like to create a secure application, all the possible information leakage ways need to be analyzed.
The key rules for creating a secure application:
- All input data is harmful.
- An area available for attacks needs to be minimized.
- Default access is to be blocked.
- Several independent protection methods are to be used.
If you follow these key rules during all the development process, your web application will be as safe as possible.
Source Code Security Review service
Source Code Analysis service implies that a tester has an access to the copy of web application source code and configuration. This allows to find all the possible security leaks.
Source Code Analysis steps:
- Application's logic discovering – analysis of application logic, identification of potentially vulnerable places.
- Source code analysis – vulnerabilities discovering in application source code.
- Risk assessment - potential damage assessment of every discovered vulnerability.
- Fixing vulnerabilities – making of ready patches or development of vulnerability elimination recommendations.
- Creating a detailed report.
If we find any vulnerability during the test we inform our customers as soon as possible and give them recommendations how to solve a problem without waiting for a full report.
List of attack classes which should be checked:
- XSS (Cross Site Scripting)
- SQL Injection
- Authentication Bypass
- Insufficient Authorization
- Weak Password Recovery Validation
- Client-side Attacks
- Shell Command Execution
- Code Insertion/Execution
- Information Disclosure
- Path Traversal
- Predictable Resource Location
- Abuse of Functionality
- Insufficient Anti-automation
If you have any questions about web application (website) source code security audit service feel free to