Source Code Audit

Source Code Audit is an effective method of discovering bugs and security vulnerabilities in source code that black-box and grey-box testing typically miss, because those methodologies only observe the application's external behaviour. Such vulnerabilities have the potential to compromise the security of the application.



The team at Baseel first identifies the attack surface: every point at which input enters the application. They then determine whether security mechanisms exist at those entry points and whether they are actually enforced. After the attack surface is mapped, the qualitative analysis follows the program's specific behaviour on each input path, covering the assumptions the code makes about user-supplied input, unsanitized user-supplied input, whether function return values are checked, and whether variables are initialized on every path. Any use of user-supplied data to select a jump target or function pointer also needs to be investigated.
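The following is an added example, not Baseel's own code or audit output, showing the input-path defects listed above in a small C dispatcher and the audited form beside it. The command format (`<index>:<argument>`), the handler table and the function names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical command handlers selected by a user-supplied index. */
typedef int (*handler_fn)(const char *arg);

static int handle_ping(const char *arg) { (void)arg; return 1; }
static int handle_echo(const char *arg) { return (int)strlen(arg); }

static handler_fn handlers[] = { handle_ping, handle_echo };
#define N_HANDLERS (sizeof handlers / sizeof handlers[0])

/* Unaudited path. Writes *result only when the input has the expected shape,
 * so a caller that assumed the callee always sets it returns garbage on
 * malformed input (variable initialization / return value not checked).
 * strtol's result is used without checking that anything was parsed, so
 * "abc:x" silently becomes index 0 (input assumption not verified), and the
 * index is used as a function-pointer selector with no bounds check. */
static void parse_and_call(const char *line, int *result)
{
    const char *sep = strchr(line, ':');
    if (sep == NULL)
        return;                                   /* *result never set */
    long idx = strtol(line, NULL, 10);            /* parse failure looks like 0 */
    *result = handlers[idx](sep + 1);             /* user-controlled jump */
}

int dispatch_unaudited(const char *line)
{
    int result;                                   /* assumed to be set by callee */
    parse_and_call(line, &result);
    return result;
}

/* Audited path. Every assumption about the input is checked before use,
 * the output is initialized on every path, strtol's outcome is verified,
 * and the index is bounds-checked before the indirect call.
 * Returns 0 on success (handler result in *out), -1 on rejected input. */
int dispatch_audited(const char *line, int *out)
{
    if (line == NULL || out == NULL)
        return -1;
    *out = 0;                                     /* initialized on every path */

    const char *sep = strchr(line, ':');
    if (sep == NULL)
        return -1;                                /* shape assumption checked */

    size_t idx_len = (size_t)(sep - line);
    if (idx_len == 0 || idx_len > 3)
        return -1;                                /* index field length bounded */

    char idxbuf[4];
    memcpy(idxbuf, line, idx_len);
    idxbuf[idx_len] = '\0';

    char *end = NULL;
    errno = 0;
    long idx = strtol(idxbuf, &end, 10);
    if (errno != 0 || end == idxbuf || *end != '\0')
        return -1;                                /* strtol result checked */
    if (idx < 0 || (size_t)idx >= N_HANDLERS)
        return -1;                                /* bounds before the jump */

    *out = handlers[idx](sep + 1);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed, one that the unaudited path
     * silently misroutes, one the audited path rejects. */
    const char *inputs[] = { "1:hello", "abc:x", "7:hello" };
    for (size_t i = 0; i < 3; i++) {
        int out = 0;
        int rc = dispatch_audited(inputs[i], &out);
        printf("%-8s audited rc=%d out=%d\n", inputs[i], rc, out);
    }
    printf("unaudited \"abc:x\" -> %d (ping ran, index parse failed)\n",
           dispatch_unaudited("abc:x"));
    return 0;
}
```

The unaudited dispatcher is only ever called with the two inputs for which its behaviour is defined; anything else ("7:hello", or a line without a colon) is exactly the class of input an auditor would flag when tracing user data into `handlers[idx]`.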

Annotations and assertions in the code are checked as part of the same qualitative analysis of the source. Where a formal method of auditing is used, the program's intended objective is stated precisely and its implementation is verified and validated against that specification using mathematical logic. Where a non-formal method is used, the check is for correctness of the constructs actually written, and the parameters to look for are defined manually and also supplied as input rules to automated analysis tools.

The audit takes a holistic approach to penetration testing that not only discovers security vulnerabilities but also finds business logic vulnerabilities, alongside security checklists based on industry standards, including the OWASP Top Ten, PCI DSS compliance, and NIST SP 800-53.

Baseel Limited

Insight >> Integrity >> Impact >>