Security
Verification of vulnerabilities in the code is carried out through a guided inspection of the source code. The source code is analyzed using a specific inspection process and appropriate analysis techniques and tools, in order to identify the vulnerability.
The inspection process requires a rigorous approach in detecting security vulnerabilities. At the end of the inspection, a compliance report is presented. It can meet the largest and most well-known market standards (OWASP, CWE, MISRA, NIST, PCI and CERT among others).
Vulnerability analysis produces:
- List of vulnerabilities
- Proposition of remediation
- Support for the implementation of remediation
As an example, the following are some of the vulnerabilities that the service is able to detect:
- Uninitialized Variables
- Application Misconfiguration
- Credential/Session Prediction
- Directory Indexing
- Insufficient Authorization/Authentication
- Automatic Reference Counting
- Cross Site Request Forgery
- Information Leakage
- Insufficient Transport Layer Protection
- Insufficient Binary Protection
- Cross Site Scripting
- Injection Attacks
- Interprocess Communication
- OS Commanding
- Insecure Cryptography
- SQL injection
- Cryptographic Related Attacks
- Buffer Overrun
- Free Non-Heap Variable
- Use After-Free
- Double Free/Close
- Format String Vulnerability
- Return Pointer To Local
Technologies
Kiuwan
Micro Focus Fortify SCA
