Source Code Review

Source code security analysis (source code review) is the examination of an application source code to find errors overlooked in the initial development phase. A tester launches a code analyzer that scans line-by-line the code of an application. Once the analyzer, deployed in a testing environment, finds vulnerabilities, the penetration tester manually checks them to eliminate false positives.

The strong point of source code review is the ability to identify the following vulnerabilities:-

1. Encryption errors. These include weak encryption algorithms, as well as strong encryption algorithms with weak implementation (e.g., insecure key storage).
2. All cases of SQL injections, XSS (cross-site scripting) vulnerabilities.
3. Buffer overflows (more data is put into the buffer than it can handle).
4. Race conditions (performing two or more operations at the same time).