
Security Analysis of Source Code

Get a high level of assurance with our combined automated and manual analysis of the source code of your applications, services and software components. Penetration testing alone, purely automated code review, or any other single security activity will not give you this level of assurance. The service can be delivered as a separate project, in combination with white-box penetration testing, or as a part of our Application Security or Security Assessment services.

Learn more below about the service objectives, supported languages and technologies, methods and deliverables, or download our presentation with the prices.


The objective of this analysis is a security assessment of the source code of your systems or applications: checking the integrity and consistency of the code and its adherence to secure coding principles, and finding unsafe or deprecated functions, hidden logic bombs and traps, backdoors, undocumented features, non-optimal coding practices and the OWASP Top 10 (2017) vulnerability classes:

  • A1:2017-Injection
  • A2:2017-Broken Authentication
  • A3:2017-Sensitive Data Exposure
  • A4:2017-XML External Entities (XXE)
  • A5:2017-Broken Access Control
  • A6:2017-Security Misconfiguration
  • A7:2017-Cross-Site Scripting (XSS)
  • A8:2017-Insecure Deserialization
  • A9:2017-Using Components with Known Vulnerabilities
  • A10:2017-Insufficient Logging & Monitoring
 

We support the following:

languages:

  • .Net/ASP.Net
  • Java EE (JBoss, Tomcat, etc.)
  • Java (Android)
  • Objective-C/Swift (iOS/macOS)
  • PHP
  • JavaScript
  • Python
  • C/C++/Assembler
  • Solidity
  • Golang
  • Lua
  • your language or platform

technologies:

  • Containers and infrastructure: Docker stack (Compose, Swarm, Machine, Registry), Kubernetes on GCE, AWS ECS, Terraform, Vault
  • Frameworks and technologies: NodeJS, Socket.IO, WebRTC, PhantomJS, YF framework, Yii, Laravel, Symfony components
  • Frontend: Angular 2, AngularJS, ReactJS, jQuery, Less/Sass, Grunt/Gulp/Webpack, Bootstrap 3/4, etc.
  • Mobile development (hybrid): Cordova, Ionic framework 1-4, NativeScript, ReactNative
  • Desktop development (hybrid): Electron, NWJS, ReactNative
  • RDBMS: MySQL / MariaDB / Percona, PostgreSQL, Oracle
  • NoSQL: Redis, Couchbase, MongoDB, Cassandra, GCloud Datastorage
  • Queues: RabbitMQ, Kafka, Redis, Beanstalkd, AWS SQS
  • Automation / CI / CD: Jenkins, GitLab CI, TravisCI, CircleCI, Ansible, Bash scripting
  • Different virtualization technologies, OSes, SCM, web / proxy / mail servers, cloud and dedicated hosting services, monitoring and backup technologies, blockchain technologies, payment gateways, etc.
 

To achieve these objectives, the auditors combine two methods:

  • SAST (Static Application Security Testing): automated tools scan the source code for known vulnerability patterns such as unsafe or deprecated functions, hard-coded secrets and dangerous sinks reachable from user input.
  • Manual source code review and analysis: auditors read the code to reveal unsafe and non-optimal coding practices, business-logic flaws, hidden logic bombs and traps, backdoors and undocumented features, which automated tools cannot reliably detect.
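As an added illustration (this is not H-X's own tooling, and not code from this page), the script below shows what the SAST half of the method does and where it stops. It parses a constructed sample module without executing it, flags unsafe and deprecated calls mapped to the OWASP 2017 categories listed above, flags a hard-coded credential, and marks a date-triggered branch as needing manual confirmation rather than claiming to have found a logic bomb. All rule names, helper names and the sample source are the example's own assumptions.

```python
"""Toy SAST pass over Python source: flags known-dangerous patterns and hands
anything that needs judgement to a human reviewer. Added example, not H-X tooling."""
from __future__ import annotations

import ast
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    rule: str      # "unsafe-call", "hardcoded-secret" or "review-needed"
    detail: str


# Sink functions flagged wherever they appear, with the OWASP 2017 category they map to.
UNSAFE_CALLS = {
    "eval": "A1 Injection: eval() of a runtime string",
    "exec": "A1 Injection: exec() of a runtime string",
    "os.system": "A1 Injection: os.system() builds a shell command line",
    "pickle.loads": "A8 Insecure Deserialization: pickle.loads() of untrusted bytes",
    "yaml.load": "A8 Insecure Deserialization: yaml.load() without a safe Loader",
}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.call", "subprocess.Popen", "subprocess.check_output"}
SECRET_NAME_RE = re.compile(r"(?i)(passw(or)?d|secret|api_?key|token)")


def dotted_name(node: ast.AST) -> str:
    """'os.system' for the func of os.system(...); '' for anything more complex."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else ""
    return ""


class Scanner(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = dotted_name(node.func)
        keywords = {kw.arg: kw.value for kw in node.keywords}
        if name in UNSAFE_CALLS:
            # yaml.load is acceptable once an explicit Loader= is passed; the rest are flagged as-is.
            if not (name == "yaml.load" and "Loader" in keywords):
                self.findings.append(Finding(node.lineno, "unsafe-call", UNSAFE_CALLS[name]))
        elif name in SUBPROCESS_CALLS:
            shell = keywords.get("shell")
            if isinstance(shell, ast.Constant) and shell.value is True:
                self.findings.append(Finding(node.lineno, "unsafe-call",
                                             "A1 Injection: subprocess call with shell=True"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        # NAME = "literal" where NAME looks like a credential: a hard-coded secret.
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME_RE.search(target.id):
                    self.findings.append(Finding(node.lineno, "hardcoded-secret",
                                                 f"A3 Sensitive Data Exposure: literal assigned to {target.id}"))
        self.generic_visit(node)

    def visit_If(self, node: ast.If) -> None:
        # A branch conditioned on the current date/time is the classic logic-bomb shape.
        # The tool can only point at it; a reviewer has to read what the branch actually does.
        for sub in ast.walk(node.test):
            if isinstance(sub, ast.Call):
                name = dotted_name(sub.func)
                if name.endswith((".now", ".today")) or name == "time.time":
                    self.findings.append(Finding(node.lineno, "review-needed",
                                                 "date/time-triggered branch: confirm it is not a logic bomb"))
                    break
        self.generic_visit(node)


def scan(source: str) -> list[Finding]:
    """Parse (never execute) the source and return findings ordered by line."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f.line)


# Constructed sample module under review (parsed only, so yaml need not be installed).
SAMPLE = '''import os, subprocess, yaml
from datetime import date

ADMIN_PASSWORD = "hunter2"  # hard-coded credential

def render(request):
    expr = request.args["q"]
    return eval(expr)  # attacker-controlled input reaches eval()

def load_settings(blob):
    return yaml.load(blob)  # no Loader= -> arbitrary object construction

def load_safe(blob):
    return yaml.load(blob, Loader=yaml.SafeLoader)  # not flagged

def archive(path):
    subprocess.run("tar czf out.tgz " + path, shell=True)

def housekeeping():
    if date.today() > date(2030, 1, 1):
        os.system("rm -rf /srv/data")
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line:>2}  {f.rule:<16} {f.detail}")
```

The scanner only recognises sinks by name; it does not track whether the argument really comes from user input, which is why `render()` is reported at the `eval()` line but the `request.args["q"]` source is not. A production SAST engine adds taint tracking to cut such false positives, and the `review-needed` finding shows the remaining gap: whether the date-guarded `os.system` call is housekeeping or a logic bomb is a question for the manual review step, not the tool.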
 

The report on the Security Analysis of Source Code includes:

  • Executive summary
  • Identified technical and functional (business-logic) vulnerabilities
  • Attack-vector modelling with proof-of-concept exploitation of the identified vulnerabilities
  • Risk assessment
  • Prioritized list of recommendations to mitigate the identified weaknesses

