    SER&Practices

    Code Vulnerability Assessment

    Vulnerabilities in the code are verified through a guided inspection of the source code. The source code is analyzed using a specific inspection process and appropriate analysis techniques and tools in order to identify vulnerabilities.

    The inspection process requires a rigorous approach to detecting security vulnerabilities. At the end of the inspection, a compliance report is presented. The report can address the largest and most well-known market standards (OWASP, CWE, MISRA, NIST, PCI and CERT, among others).

    Vulnerability analysis produces:

    • A list of vulnerabilities
    • Proposed remediation
    • Support for implementing the remediation

    For example, the service is able to detect the following vulnerabilities, among others:

    • Uninitialized Variables
    • Application Misconfiguration
    • Credential/Session Prediction
    • Directory Indexing
    • Insufficient Authorization/Authentication
    • Automatic Reference Counting
    • Cross-Site Request Forgery
    • Information Leakage
    • Insufficient Transport Layer Protection
    • Insufficient Binary Protection
    • Cross-Site Scripting
    • Injection Attacks
    • Interprocess Communication
    • OS Commanding
    • Insecure Cryptography
    • SQL Injection
    • Cryptographic Related Attacks
    • Buffer Overrun
    • Free Non-Heap Variable
    • Use-After-Free
    • Double Free/Close
    • Format String Vulnerability
    • Return Pointer To Local

    Technologies

    Kiuwan

    Micro Focus Fortify SCA