attacks and tests
List of attacks and tests performed during penetration testing
Security code review is an in-depth analysis of the application’s code aimed to detect security vulnerabilities by inspecting the actual code of a given system. It is used to detect security bugs, reveal hidden backdoors in the code and reach full coverage of a given system’s vulnerabilities. The test will attempt to find weaknesses, the source of which is insufficient secure coding policies, business logic flaws, internal structures and the systems design.
Whether used to detect security bugs as a thorough alternative for a penetration test or as the means for detecting backdoors in the code, security code review is a complicated task that must be performed by a well experienced auditor. We provide exactly that.
Discovering vulnerabilities is done according to OWASP and WASC methodologies. A partial list of some of them: