Source code audit

Our auditors analyze part or all of the audited source code (or the conditions under which it is compiled or executed) in order to discover vulnerabilities caused by poor programming practices or logical errors.

The source code audit takes place as follows:

  1. An initial study maps the architecture of the audited code and identifies its critical portions.
  2. An automated analysis is run over the entire code base to flag the most obvious security problems.
  3. A manual analysis is carried out on the critical portions identified earlier (for example: authentication, access to sensitive data, administration actions).
  4. Where the code provided is functional, a dynamic analysis is also performed. It tests the robustness of the application by sending it data that its functions were not designed to receive.
  5. Each weakness discovered receives a specific recommendation, adapted to the code provided, together with an example implementation.

Languages we audit the most

  • ASP / ASP.NET
  • C / C++
  • C#
  • Java
  • JavaScript/TypeScript
  • Kotlin
  • Lua
  • Objective-C / Swift
  • Perl
  • PHP
  • Python
  • Ruby
  • Shell / PowerShell
  • SQL

Main checks

  • Global analysis of architecture and critical components
  • Manual review of critical components
  • Analysis of user entry points and content injections
  • Robust authentication, session management and permissions
  • Study of password storage and robustness of the cryptographic mechanism used
  • Configuration study
  • Search for backdoors and code not exposed to the user
  • Analysis of storage and access to sensitive data
  • Verification of the presence of a functional logging mechanism

Methodology used