Source Code Review

Expose and take measures against vulnerabilities dormant in programs under development

Service Overview

Attacks targeting vulnerabilities inherent in web applications are increasing.

Many of these are vulnerabilities built in during the course of new development and modifications added to source code. When vulnerabilities are discovered after release, it may be necessary to start over from the system design stage for some types of vulnerabilities that incur significant additional costs. Therefore, it is necessary to review source code before release to allow discovery of all embedded vulnerability in advance and reduce vulnerability inherent in a web application.

Infosec's Source Code Review exposes all vulnerabilities inherent in the source code and proposes measures to address problems.

Features

During Infosec's Source Code Review, highly experienced experts verify results detected by source code diagnostic tools and expose problems in the source code by manual review. In presenting specific example measures based on the problems exposed, we deepen our customer's understanding of developer issues and support an efficient repair process.

Experts in charge of Infosec's Source Code Review have a proven track record with web application security assessments that enables them to expose common problems found in web applications.

Customers can pair this service with a dynamic web application security diagnostics to ensure measures have been implemented for problems exposed during the Source Code Review.

Deploying the Service

Click here to view the flow of deploying this service from inquiry to deployment and report meeting.

Diagnostic Example

To scan the source code using the source code diagnostic tool, we first build a program.
This requires an appropriate environment ready for building programs. Depending on the development language, we may install our source code diagnostics tool on the customer's development machine (with access to target programs and libraries) and execute the scan on-site (development environment) only.

Samples

Samples