Description
Source code security analysis (source code review) is the examination of an application's source code to find errors overlooked in the initial development phase.
Scope
Phase 1
• Identify vulnerabilities, building on the information gathered.
• Assess the existence of code vulnerabilities or security misconfigurations by running automated tools, open source tools, and custom scripts to determine whether the application code base contains any smelly code.
Phase 2
• Manual Security Testing: The senior development team then works to ensure the vulnerabilities are not false positives, and verifies the majority of the vulnerabilities and security flaws.
• Result Analysis: Review the vulnerabilities found in the previous phase, and manually verify the identified vulnerabilities and eliminate false positives.
Deliverables
Report of identified vulnerabilities, including impact rating and recommended action to mitigate them.