Source Code Review
On-Demand Code Review.
Dynamic Application Security Testing (DAST)
A DAST test is known as a black box source code test because it is performed through the application front end and does not have a view into the internal source code. This type of testing most similarly mirrors the techniques used by attacker to find potential weaknesses. A DAST test can look for a range of vulnerabilities including input/output validation issues, cross-site scripting, SQL injection, and other issues stemming from misconfiguration.
Static Application Security Testing (SAST)
A SAST test is known as a white box source code test because it is performed by constructing code binaries to scan the full application including security of microservices, APIs, data flows through 3rd party libraries, and limited use object classes.
Utilizing Veracode’s static code analysis software, we assess common application codes including:
- Python, Perl, PHP, Ruby on Rails, Scala, ColdFusion, Classic ASP
- iOS (Objective-C and Swift), Android (Java), PhoneGap, Cordova, Titanium, Xamarin
- C/C++ (Windows, RedHat Linux, OpenSUSE, Solaris)
- COBOL, RPG, Visual Basic 6
Recent Blog Posts
By: Randy Duprey What is Red Teaming? Red teaming in general can be defined as a goal-based adversarial testing process. The concept has existed since the sixth Century BCE when the ancient military genius Sun Tzu stated that "…one who knows the enemy and knows...
By: Eric Kobelski, Security Engineer One question that we get consistently is “What exactly is a web application penetration test?”. There are some companies that will run a vulnerability scanner against your application and call that a penetration test, but this is...
By: Eric Kobelski, Security Engineer Updated on: 06/28/2018 Burp’s Collaborator is a useful tool to assist with web application (webapp) penetration and security testing; particularly when malicious payloads are injected and then exercised by a...