Source code security audits

In code analysis security audits, Tarlogic's team tries to find potential vulnerabilities and security flaws in the source code using static analysis techniques.

Objectives

Static Application Security Testing (SAST) uses a security tool to analyze the source code of a program, application or service automatically and discover security issues without executing it.

In code analysis security audits, Tarlogic's team of experts tries to find possible vulnerabilities and security flaws in the source code using these static analysis techniques, a process commonly known as white-box auditing.

The result gives the customer an accurate and deep understanding of the security status of the analyzed source code.

Benefits

  • It has no impact on production environments, since the analysis is static.
  • It makes it possible to discover a large number of vulnerabilities and bad development practices quickly.
  • It allows a deep analysis of every possible execution flow in the source code.

General description

In code analysis security audits, the entire source code of a particular component or application is usually analyzed automatically using a SAST solution.

Once this information is available, false positives are filtered out, usually with the help of the development team. The insecure development practices found in the source code are also discussed.

This information is then documented in a report that details every vulnerability found, with a brief description of each one and its possible solution.
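The three steps above (automatic static scan, false-positive filtering, report with description and fix) can be shown on a toy scale with a small AST-based scanner. The following is an added example written for this page; it is not Tarlogic's tooling, and the rule set, rule identifiers, sample source and the "all arguments are literals" triage heuristic are constructed for illustration. The scan never runs the code it inspects, which is the defining property of SAST.

```python
import ast
from dataclasses import dataclass

# Constructed sample to scan (hypothetical code, not from the page).
SAMPLE_SOURCE = '''\
import os, pickle, subprocess

def run(cmd):
    os.system(cmd)                             # line 4: shell command built from a parameter

def load(blob):
    return pickle.loads(blob)                  # line 7: deserializes caller-supplied bytes

def calc(expr):
    return eval(expr)                          # line 10: evaluates caller-supplied text

def safe_listing():
    subprocess.run(["ls", "-l"], check=True)   # line 13: argv list, no shell; not a finding

def demo():
    return eval("1 + 1")                       # line 16: constant argument; likely false positive
'''

# Hypothetical rule set: (module, name) -> (rule id, description, recommended fix).
# A module of None matches a bare builtin such as eval().
RULES = {
    ("os", "system"): ("CMD-001", "os.system() passes its argument to a shell",
                       "use subprocess.run([...]) with an argument list and shell=False"),
    ("subprocess", "run"): ("CMD-002", "subprocess.run() with shell=True routes the command through a shell",
                            "drop shell=True and pass the command as a list"),
    ("pickle", "loads"): ("DESER-001", "pickle.loads() executes code embedded in the data it deserializes",
                          "use a data-only format such as JSON for untrusted input"),
    (None, "eval"): ("CODE-001", "eval() executes arbitrary Python taken from its argument",
                     "use ast.literal_eval() or a purpose-built parser"),
}


@dataclass
class Finding:
    rule_id: str
    line: int
    description: str
    fix: str
    literal_args: bool   # True when every positional argument is a constant


def _callee(call: ast.Call):
    """Return (module, name) for mod.name(...) or (None, name) for name(...)."""
    f = call.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return (f.value.id, f.attr)
    if isinstance(f, ast.Name):
        return (None, f.id)
    return None


def _has_shell_true(call: ast.Call) -> bool:
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
               for kw in call.keywords)


def scan(source: str) -> list[Finding]:
    """Step 1: static pass over the AST; reports every call matching a rule, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        key = _callee(node)
        if key not in RULES:
            continue
        if key == ("subprocess", "run") and not _has_shell_true(node):
            continue  # argv-list form without a shell is the recommended pattern
        rule_id, desc, fix = RULES[key]
        literal = bool(node.args) and all(isinstance(a, ast.Constant) for a in node.args)
        findings.append(Finding(rule_id, node.lineno, desc, fix, literal))
    return sorted(findings, key=lambda f: f.line)


def triage(findings: list[Finding]) -> list[Finding]:
    """Step 2: drop likely false positives. A sink fed only literals cannot be
    reached by external input; a real audit would confirm this with the developers."""
    return [f for f in findings if not f.literal_args]


def report(findings: list[Finding]) -> str:
    """Step 3: one line per confirmed finding with description and suggested fix."""
    return "\n".join(f"{f.rule_id} line {f.line}: {f.description}. Fix: {f.fix}" for f in findings)


if __name__ == "__main__":
    print(report(triage(scan(SAMPLE_SOURCE))))
```

The literal-argument heuristic is deliberately simple; a production SAST engine decides reachability with data-flow analysis from input sources to sinks, which is exactly the part that still produces false positives and therefore needs the review with the development team described above.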