Source Code Review
On-Demand Code Review.
Dynamic Application Security Testing (DAST)
A DAST test is known as a black box source code test because it is performed through the application front end and does not have a view into the internal source code. This type of testing most similarly mirrors the techniques used by attacker to find potential weaknesses. A DAST test can look for a range of vulnerabilities including input/output validation issues, cross-site scripting, SQL injection, and other issues stemming from misconfiguration.
Static Application Security Testing (SAST)
A SAST test is known as a white box source code test because it is performed by constructing code binaries to scan the full application including security of microservices, APIs, data flows through 3rd party libraries, and limited use object classes.
Utilizing Veracode’s static code analysis software, we assess common application codes including:
- Python, Perl, PHP, Ruby on Rails, Scala, ColdFusion, Classic ASP
- iOS (Objective-C and Swift), Android (Java), PhoneGap, Cordova, Titanium, Xamarin
- C/C++ (Windows, RedHat Linux, OpenSUSE, Solaris)
- COBOL, RPG, Visual Basic 6
Recent Blog Posts
Author: Hunter Gregal Cross-site scripting, or otherwise known as XSS, is the most common web application vulnerability on the internet. I have found this to be true through both data research and personal experience during penetration testing engagements. What is...
By: Hunter Gregal A key component of any enterprise network will often be a functional webserver with PHP compatibility and a database back-end. On a Linux server, a common setup is to use Apache HTTP Server as the primary webserver. Combining the Apache HTTP Server...
By: Hunter Gregal So you have an Apache2 webserver completely configured and installed on an Ubuntu/Debian machine. Perhaps you are using a MySQL backend along with PHP support (How To Install LAMP Server On Ubuntu ). But what happens when malicious attackers or bots...