Source Code Review
On-Demand Code Review.
Dynamic Application Security Testing (DAST)
A DAST test is known as a black box source code test because it is performed through the application front end and does not have a view into the internal source code. This type of testing most closely mirrors the techniques attackers use to find potential weaknesses. A DAST test can look for a range of vulnerabilities, including input/output validation issues, cross-site scripting, SQL injection, and other issues stemming from misconfiguration.
Static Application Security Testing (SAST)
A SAST test is known as a white box source code test because it is performed by building the code into binaries and scanning the full application, including the security of microservices, APIs, data flows through third-party libraries, and limited-use object classes.
Using Veracode’s static code analysis software, we assess common application languages and platforms, including:
- Python, Perl, PHP, Ruby on Rails, Scala, ColdFusion, Classic ASP
- iOS (Objective-C and Swift), Android (Java), PhoneGap, Cordova, Titanium, Xamarin
- C/C++ (Windows, RedHat Linux, OpenSUSE, Solaris)
- COBOL, RPG, Visual Basic 6