Web Application Code Audit Service
Orange Country IT Solution adopts a static source code analysis platform that leverages third-generation software verification technologies to identify web application vulnerabilities throughout development. Our web-based solution provides automated, compiler-independent code analysis that models tainted data flow within the application. Reports pinpoint vulnerable code locations and offer prioritized remediation guidance, while integration facilitates immediate hot-fix remediation. Our service offers proactive and cost-effective remediation for vulnerable code, representing a low-cost, risk-free alternative to the common build-first, secure-later paradigm.
Proactive Vulnerability Remediation
- Identifies vulnerable Web application source code throughout the application life cycle
- Facilitates early, efficient and cost-effective vulnerability remediation
- Detects vulnerabilities in ASP.NET, VB.NET, C#, Java/J2EE, JSP, EJB, PHP, Classic ASP and VBScript
- Models Web application behavior and traces data flow from entry point to vulnerable file
- Calculates outcome of tainted input propagation through the application
- Scans source code non-intrusively with no impact on running applications
- Integrates with code repository to enable automated code retrieval and analysis
- Aligns secure coding efforts with development processes by integrating with IDE and code check-in
Third Generation Technology
- Network appliance provides Web accessible role-based project and scan management interface
- Built-in language parsers facilitate compiler-independent analysis and flexible deployment
- Advanced formal verification algorithms and compiler-independence ensure fast and accurate vulnerability detection
- Compiler-independent analysis engine requires only source code access; there is no build-integration requirement
- Advanced Traceback feature traces tainted input from source code entry point, across functions, classes and files to resulting vulnerabilities
Precision and Coverage
- Built-in language parsers analyze source code independent of build environment
- Advanced formal verification algorithms and compiler-independence ensure extremely low false positive rates (<1%)
- Advanced Traceback feature tracks tainted input from source code entry point, across functions, classes and files to resulting vulnerabilities
- Interactive Web-based reports pinpoint vulnerable code locations
Advanced Reporting
- Offers interactive analysis and reporting via Web interface
- Includes detailed Traceback describing tainted data flow within application
- Highlights vulnerable security-related entry points, functions, and classes
- Prioritizes risk-based vulnerability remediation activities
- Provides remediation guidance with detailed sample exploitation and remediation code
- Automates customized technical and executive report distribution
- Supports PDF, HTML, XML reports and WAF export