Source Code Analysis

Static code analysis, or source code analysis, is one of the most important constituents of the Security Development Lifecycle (SDL). The static code analysis service provided by UITSEC professionals covers the analysis of code through code review sessions on the project. These sessions are performed by personnel qualified in software security. Organizations benefiting from this service will have the opportunity to obtain more detailed information about 0-day vulnerabilities found in their products and to make their products more secure thanks to the informative results of the analysis. Vulnerabilities that are known only to the attacker or the manufacturer are called 0-day vulnerabilities. Since the vendor is not aware of these vulnerabilities, there may be no chance to block the attack.

The techniques we use during code analysis:

  • Data Flow Analysis
  • Control Flow Graphs
  • Taint Analysis
  • Lexical Analysis
  • Metric Computation
  • Reverse Engineering
  • Model Checking
  • Hoare Logic

Some of the vulnerability types that we detect as a result of our static code analyses:

  • Buffer Overflow
  • Dangling Pointers
  • Race Conditions
  • Remote Code Execution
  • Format String Attacks
  • SQL Injection
  • Code Injection
  • Cross Site Scripting
  • Directory Traversal
  • Cross Site Request Forgery
  • Local/Remote File Inclusion
  • Denial of Service