Source Code Review
Source code security analysis (source code review) is the examination of an application's source code to find errors that were overlooked during development. A tester runs a code analyzer that scans the application's code line by line. Once the analyzer, deployed in a testing environment, reports vulnerabilities, the penetration tester manually verifies each one to eliminate false positives.
The strength of source code review is its ability to identify the following vulnerabilities:
- Encryption errors. These include weak encryption algorithms, as well as strong encryption algorithms with weak implementation (e.g., insecure key storage).
- All cases of SQL injection and XSS (cross-site scripting) vulnerabilities.
- Buffer overflows (more data is written to a buffer than it can hold).
- Race conditions (two or more operations run concurrently and the result depends on their timing).
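As an added illustration (not part of the original text and not any real analyzer's code), the following minimal line-by-line scanner shows the workflow described above: it flags weak digest algorithms, SQL built by string concatenation and hard-coded secrets in a constructed sample, and a triage step drops the hit the reviewer judges a false positive. The rule patterns, the sample source and the function names are all assumptions made for this example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    code: str

# Illustrative rules (hypothetical, not any real analyzer's rule set):
# weak digest algorithms, SQL built by string concatenation, hard-coded secrets.
RULES = [
    ("weak-hash", re.compile(r"hashlib\.(md5|sha1)\(")),
    ("sql-concat", re.compile(r"execute\(\s*(f[\"']|[\"'].*[\"']\s*\+)")),
    ("hardcoded-secret", re.compile(r"(?i)\b(secret|password|api_key)\s*=\s*[\"'][^\"']+[\"']")),
]

def scan_source(source: str) -> list[Finding]:
    """Scan source line by line and return every rule match (raw, untriaged)."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment lines are not code
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, line_no, line.strip()))
    return findings

def triage(findings: list[Finding], false_positives: set[tuple[str, int]]) -> list[Finding]:
    """Keep only findings the reviewer confirmed; false_positives holds (rule, line_no) pairs."""
    return [f for f in findings if (f.rule, f.line_no) not in false_positives]

# Constructed sample under review (not real project code).
SAMPLE = '''\
import hashlib
API_KEY = "example-key-not-real"
def file_checksum(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()  # detects accidental corruption only
def password_digest(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
def find_user_safe(cur, name):
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
'''
```

Running `scan_source(SAMPLE)` yields four raw hits; the reviewer then calls `triage(raw, {("weak-hash", 4)})` to drop the checksum line, which has no security role, leaving the weak password digest, the concatenated SQL query and the hard-coded key as confirmed findings.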