Source Code Audit

A code audit consists of examining an application's source code for vulnerabilities.

Complementary to intrusion tests, which assess security from the attacker's point of view, reviewing the source code makes it possible to identify vulnerabilities that are difficult to detect or exploit. This exercise also makes it possible to verify that application hardening and reverse-engineering protection mechanisms are applied.
BEGONIA GROUP's audit approach is based on:
  • OWASP (Open Web Application Security Project)
  • ANSSI (National Agency for Information Systems Security)
  • SANS (SysAdmin, Audit, Network, Security)
  • publishers' security standards and the state of the art, as well as the auditee's specific business constraints.

Code audit objectives are:
  • Discover as many vulnerabilities as possible affecting the audited application.
  • Evaluate the level of hardening of the code and the possible protections against reverse engineering.
  • Define a technical action plan to apply best practices in terms of secure development.

The vulnerabilities detected during our source code audits may relate to the absence of filtering of incoming or outgoing data, the absence of protection for sensitive data exchanged, poor error management that can lead to the exposure of sensitive data, unmaintainable code, the presence of backdoors, etc.
