Website Source Code Security Analysis service

Website Source Code Security Review

eVuln experience in Source Code Security Analysis

Source Code Review is our main activity (and not only for commercial reasons). We look for new vulnerabilities in open source applications and release security advisories. The results of this work are widely published on the Internet.

Source Code Audit cost

Source Code Security Audit

We offer Source Code Security Analysis of web applications or websites starting from $1 per 1 kbyte of pure source code. See the details on source code security audit cost.

We can also offer a partial Source Code Analysis free of charge.

We accept PayPal and bank wire transfers.

Secure Website Conception

Vulnerabilities in web applications are the easiest way to penetrate a system. If you want to create a secure application, every possible path for information leakage needs to be analyzed.

The key rules for creating a secure application:

  • Treat all input data as harmful.
  • Minimize the area available for attacks.
  • Block access by default.
  • Use several independent protection methods.

If you follow these key rules throughout the development process, your web application will be as safe as possible.

Source Code Security Review service

The Source Code Analysis service means that the tester has access to a copy of the web application's source code and configuration. This makes it possible to find all possible security leaks.

Source Code Analysis steps:

  • Application logic discovery – analysis of the application logic and identification of potentially vulnerable places.
  • Source code analysis – discovery of vulnerabilities in the application source code.
  • Risk assessment – assessment of the potential damage of every discovered vulnerability.
  • Fixing vulnerabilities – preparation of ready-made patches or of recommendations for eliminating the vulnerabilities.
  • Creating a detailed report.

If we find any vulnerability during the test, we inform our customers as soon as possible and give them recommendations on how to solve the problem, without waiting for the full report.

List of attack classes which should be checked:

  • XSS (Cross Site Scripting)
  • SQL Injection
  • Authentication Bypass
  • Insufficient Authorization
  • Weak Password Recovery Validation
  • Client-side Attacks
  • Shell Command Execution
  • Code Insertion/Execution
  • Information Disclosure
  • Path Traversal
  • Predictable Resource Location
  • Abuse of Functionality
  • Insufficient Anti-automation

If you have any questions about the web application (website) source code security audit service, feel free to contact Aliaksandr Hartsuyeu.

