Code Analysis and Review
A source code review is the most comprehensive and reliable way to discover and eliminate vulnerabilities in code. It is sometimes difficult to discover a vulnerability or weakness in an application without a thorough source code review. Source code review is also a preeminent way to identify intentional or accidental backdoors and logic bombs in applications.
Avalance leverages automated tools such as CodeAssure, Flawfinder, RATS, FxCop and others, combined with thorough manual analysis of code by our security experts, to achieve the utmost quality of source code review. The security aspects tested include:
- Insufficient filtration of user-supplied data
- Improper memory management and buffer boundary checks
- Application logic flaws and race conditions
- Authentication and authorization bypass
- Usage of unsafe methods and functions
- Sensitive information disclosure
Through source code review of web applications, web-specific vulnerabilities such as Cross-Site Scripting, SQL Injection, Cross-Site Request Forgery, Arbitrary Code Injection and XML Injection are detected.
A detailed report is provided covering all weaknesses and vulnerabilities discovered, customized recommendations to fix them, and a general recommendation on source structure.