Source Code Audit

This kind of security audit analyses the application's source code exhaustively. It offers far deeper coverage than a black-box audit, since the auditor sees every code path rather than only the behaviour observable from outside.

Several ways exist to perform a source code audit and, generally speaking, a mix of them leads to the best results.

  • Static analysis: This method assesses the behaviour of an application without executing it, by analysing the source code. Although it relies on an automated tool, static analysis still needs human review to confirm which findings are real and how critical they are: the tool reports candidates, including false positives, and cannot judge the business impact of a bug.
  • Manual analysis: This method, reserved for sensitive parts of the code or the "business logic", is performed by a human. Its main limit is throughput, roughly 1,000 to 2,000 lines of code per day, depending on the software's complexity and the languages used.

When the code base is large, it is best to combine the two methods to get the most out of each. Mixing them finds more critical vulnerabilities: the tool scans the whole code base, and the human then examines the flagged areas and the sensitive logic the tool cannot reason about, which leads to a very precise analysis.
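To make the division of labour concrete, here is a toy static analyser for PHP (the language the page singles out). It is an added example written for this page; it is not code from the original page, and it is not Armorize's CodeSecure. It assumes a deliberately crude model: untrusted data enters only through PHP superglobals, a fixed list of functions are sinks, and a fixed list of functions neutralise taint. The sample PHP it scans is constructed for the demonstration. Its output shows exactly what the paragraph above describes: the tool finds candidate flows from request input into dangerous sinks in one pass, but each finding still needs a human to confirm that it is exploitable and to rate its severity.

```python
import re

# Where attacker-controlled data enters (assumption: PHP superglobals only).
SOURCES = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")

# Dangerous sinks and the vulnerability class each one yields when it
# receives untrusted data (assumed list, kept short for the example).
SINKS = {
    "mysqli_query": "SQL injection",
    "mysql_query": "SQL injection",
    "eval": "code injection",
    "system": "command injection",
    "exec": "command injection",
    "shell_exec": "command injection",
    "include": "file inclusion",
    "require": "file inclusion",
    "echo": "cross-site scripting",
}
ALL_CLASSES = set(SINKS.values())

# Sanitisers and the classes they neutralise in this crude model.
SANITIZERS = {
    "intval": ALL_CLASSES,
    "htmlspecialchars": {"cross-site scripting"},
    "mysqli_real_escape_string": {"SQL injection"},
    "escapeshellarg": {"command injection"},
}

ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")
SINK_RE = re.compile(r"(?<![\$\w])(" + "|".join(map(re.escape, SINKS)) + r")\b(.*)")
CALL = re.compile(r"\b(\w+)\s*\(")
VAR = re.compile(r"\$\w+")


def taint_of(expr, tainted):
    """Vulnerability classes an expression is still dangerous for."""
    classes = set()
    if SOURCES.search(expr):
        classes |= ALL_CLASSES
    for var in VAR.findall(expr):
        classes |= tainted.get(var, set())
    for fn in CALL.findall(expr):
        classes -= SANITIZERS.get(fn, set())
    return classes


def analyze(php_source):
    """One top-to-bottom, flow-insensitive pass over a single PHP file.

    Returns candidate findings as (line number, sink, vulnerability class).
    They are candidates only: the model ignores control flow, calls across
    files and how a value is later used, so a human must confirm each one
    and rate its severity. That is the "human intervention" the text needs.
    """
    tainted = {}  # variable name -> classes it is currently dangerous for
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        sink = SINK_RE.search(line)
        if sink:
            name, args = sink.group(1), sink.group(2)
            if SINKS[name] in taint_of(args, tainted):
                findings.append((lineno, name, SINKS[name]))
        assign = ASSIGN.match(line)
        if assign:
            var, rhs = assign.group(1), assign.group(2)
            classes = taint_of(rhs, tainted)
            if classes:
                tainted[var] = classes
            else:
                tainted.pop(var, None)
    return findings


# Constructed sample: three real flows, three that a sanitiser interrupts.
SAMPLE_PHP = """<?php
$id = intval($_GET['id']);
$name = $_POST['name'];
$sql = "SELECT * FROM users WHERE id = " . $id;
mysqli_query($db, $sql);
echo "Hello " . htmlspecialchars($name);
echo "Welcome " . $name;
$page = $_GET['page'];
include("pages/" . $page . ".php");
$cmd = "ls " . escapeshellarg($name);
system($cmd);
$raw = $_REQUEST['q'];
mysqli_query($db, "SELECT * FROM t WHERE q = '" . $raw . "'");
"""

if __name__ == "__main__":
    for lineno, sink, vuln in analyze(SAMPLE_PHP):
        print(f"line {lineno}: {sink} -> possible {vuln} (needs manual confirmation)")
```

Running it reports lines 7, 9 and 13 and stays silent on lines 5, 6 and 11, where `intval`, `htmlspecialchars` and `escapeshellarg` interrupt the flow. Note what the pass cannot do: it would also stay silent if the sanitiser were the wrong one for the context (for instance `htmlspecialchars` before a SQL query is caught, but an `htmlspecialchars` call applied to one operand of a concatenation clears the whole line in this model), and it says nothing about whether the reported `include` is reachable or whether the user table matters to the business. Those judgements are the manual part of the audit.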

NBS System is the exclusive partner of Armorize, the company which provides CodeSecure, known as the best static analysis software for web technologies (including PHP).

Armorize's tooling helps security experts audit large code bases exhaustively while saving time.