Source Code Security Analysis

Helping to fix web application vulnerabilities

By reviewing the source code, the service finds vulnerabilities hidden in website applications. Professional consultants supplement the review by analyzing the types of vulnerabilities, attack paths and other information. Based on the severity level of risk in the vulnerability scanning reports, we then provide remediation methods specific to the web application's programming language. This effectively reduces the barriers and cognitive gaps in remediating the web application, while strengthening its protection against attacks such as SQL injection and Cross-Site Scripting.

Programming Language

The service supports more than 20 programming languages, including:

  A. Mobile App: Objective-C (iPhone), Java (Android), C#.Net (WinPhone)
  B. Microsoft: ASP.Net, VB.Net, C#.Net, ASP, VBScript, VB6
  C. Apple Mac: Objective-C, ActionScript
  D. Java: Java, JSP
  E. Other Web: HTML, JavaScript, PHP, XML, ColdFusion 5.0, Python
  F. Database: T-SQL (MSSQL DB), PL/SQL (Oracle DB)
  G. Second-generation language: C/C++, COBOL
  H. SAP: ABAP/BSP

Code Problem Detection

Our service can detect more than 480 types of vulnerabilities, including both security and quality aspects.

  A. Input Validation: SQL Injection, Cross-Site Scripting, Resource Injection, Open Redirect
  B. Security Features: Password Management, Insecure Randomness, Weak Encryption
  C. Error Handling: Poor Error Handling
  D. API Abuse: Code Correctness, Missing Check against Null, Dangerous Method
  E. Code Quality: Dead Code, Unreleased Resource
  F. Environment: Misconfiguration

All OWASP Top 10 vulnerability types are included in the categories above.

Service Process

Interview with clients before testing

Confirm the scope and programming language of the testing target.

Establishing the examination environment

Establish and configure the examination environment.

Executing the test

Analyze the vulnerability types and potential attack routes through professional analysis.

Generating the report

  1. Inspecting the basic information
  2. Inspecting the lines analyzed, error count and vulnerability count
  3. Examining the severity of vulnerabilities and the files and lines affected
  4. Checking the execution route along which each error emerges

Briefing and Consultations

Application vulnerability remediation and consultation
