Can you explain what your website Source Code analysis services are?

How can you detect these vulnerabilities without running it?
If I want to do it with my website, how do I do it with you?
Can you give me an example of how you detect?

Anonymous

Here are my answers:

>How can you detect these vulnerabilities without running it?
Several types of vulnerabilities (like XSS, SQL injections...) can be detected without running the code. Of course, we need to run the code to identify a vulnerability with 100% certainty. During the source code review we find potentially vulnerable pieces of code and then check them by running this code with some unexpected input data.


>If I want to do it with my website, how do I do it with you?
There are several ways:
1) You give us the sources and make a copy of the website at another address, like test.website.com, for tests.
2) You may give us the sources and explain how to install them for tests.
3) We can do the testing on the working website. We will inform you about possible consequences.

>Can you give me an example of how you detect?
We combine automated and manual source code review.
For example:

<?php
echo $_GET['name'];
?>

I can say (without running the code): this PHP code 100% has an XSS vulnerability. Automated tools will also detect this simple example.

Best regards,
Alex.

Alex
Security Expert
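
What an automated check for the pattern in the answer above can look like, as an added example that is not part of Alex's answer or of this service's tooling: a small Python scanner that reads PHP source without executing it and flags echo/print of request data, including data that first passes through a variable. The function names, the list of escaping functions, the one-statement-per-line assumption and the sample PHP are all constructed for this illustration.

```python
import re

# Request superglobals treated as attacker-controlled sources.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# Sinks that write into the HTML response (optionally right after "<?php").
SINK = re.compile(r"^\s*(?:<\?php\s+)?(?:echo|print)\b(.*?);")
# Simple assignment: $var = expression;
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.*?);")
# Calls assumed to neutralise HTML metacharacters (one nested call level).
ESCAPE = re.compile(
    r"\b(?:htmlspecialchars|htmlentities)\s*\((?:[^()]|\([^()]*\))*\)")
VAR = re.compile(r"\$\w+")

def is_tainted(expr, tainted):
    """True if expr still contains request data after removing escaped parts."""
    expr = ESCAPE.sub("", expr)
    if SOURCE.search(expr):
        return True
    return any(v in tainted for v in VAR.findall(expr))

def find_reflected_xss(php_source):
    """Return [(line_no, statement)] for sinks that output unescaped input.

    Assumes one statement per line; taint is tracked through plain
    assignments only, so findings are candidates for manual review.
    """
    tainted, findings = set(), []
    for no, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            var, expr = m.groups()
            if is_tainted(expr, tainted):
                tainted.add(var)       # variable now carries request data
            else:
                tainted.discard(var)   # overwritten with clean/escaped data
            continue
        m = SINK.match(line)
        if m and is_tainted(m.group(1), tainted):
            findings.append((no, line.strip()))
    return findings

# Constructed sample: line 2 is the snippet from the answer above.
SAMPLE = """<?php
echo $_GET['name'];
$name = $_GET['name'];
echo "Hello " . $name;
$safe = htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
echo $safe;
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
?>"""

if __name__ == "__main__":
    for no, stmt in find_reflected_xss(SAMPLE):
        print(f"line {no}: possible reflected XSS: {stmt}")
```

Treating htmlspecialchars/htmlentities as sufficient only holds for output into HTML body text or quoted attributes; output into script blocks or URLs needs context-specific encoding and would still need manual review.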
