Source Code Review

On-Demand Code Review.

If you’re looking for a security review of your application code we have cost-effective solutions to help.

Dynamic Application Security Testing (DAST)

The DAST approach to application testing scans to find vulnerabilities that a hacker could potentially exploit. We evaluate your web application in its native running state. We start by looking at your application as an anonymous user, then as an authenticated user, and finally as an administrator or power user. Testing examines the front-end interface.

A DAST test is known as a black box source code test because it is performed through the application front end and does not have a view into the internal source code.  This type of testing most similarly mirrors the techniques used by attacker to find potential weaknesses.  A DAST test can look for a range of vulnerabilities including input/output validation issues, cross-site scripting, SQL injection, and other issues stemming from misconfiguration.

Static Application Security Testing (SAST)

The SAST approach to application testing looks for vulnerabilities in the source code. SAST testing requires access to the application’s source code. This is considered a real-time security view of your application inner-workings. Through this test, we can also see what information is being shared with integrated API’s. With API information, we can identify security or data violations.

A SAST test is known as a white box source code test because it is performed by constructing code binaries to scan the full application including security of microservices, APIs, data flows through 3rd party libraries, and limited use object classes.

Utilizing Veracode’s static code analysis software, we assess common application codes including:

  • Java
  • .NET
  • JavaScript & TypeScript (including AngularJS, Node.js, and jQuery)
  • Python, Perl, PHP, Ruby on Rails, Scala, ColdFusion, Classic ASP
  • iOS (Objective-C and Swift), Android (Java), PhoneGap, Cordova, Titanium, Xamarin
  • C/C++ (Windows, RedHat Linux, OpenSUSE, Solaris)
  • COBOL, RPG, Visual Basic 6

Recent Blog Posts

Open Banking Directive and Securing Web Application Vulnerabilities

By: Justin Fimlaid If you haven't heard of it there is a new banking directive in the U.K. called the Open Banking Directive.  This directive went into effect on January 13, 2018.  It's significant for U.S. based banks, because this Directive could apply pressure...

10 Application Security Authentication Requirements

By: Justin Fimlaid Authentication is a critical piece of any application.  It’s also always the piece of security architecture that is commonly attacked, so it’s important to get it right.  When we talk about authentication it’s the act of establishing that someone or...

What exactly are the OWASP Top 10?

By: Eric Kobelski As a software developer turned security engineer, I continue to follow current development technologies, as it makes me more of an effective tester. One of the articles that I was reading contained an interview with one of the applications developers...

Got Code to Review?

Pin It on Pinterest