Application vulnerabilities are one of the major causes of compromise for today’s Web infrastructures. Web applications seldom respect the fundamental rules of IT security, and attackers often manage to identify and exploit numerous vulnerabilities, such as XSS and SQL injection.
A security audit enables you to ensure that your website withstands attacks, by identifying these vulnerabilities so that they can be patched.
What is a security audit?
Source code audits rely on an exhaustive analysis of the source code of your application. They can be carried out in different ways, and the best results are often obtained with a combination of several methods.
At the end of the audit, our security experts deliver a complete report of the vulnerabilities they found, and propose corrective actions to patch these vulnerabilities.
If a company realizes the importance of IT security too late, and has already been the victim of a malicious act, fraud or attack, another kind of IS audit is possible: the forensic investigation. This IT security audit consists of collecting, preserving and analyzing digital evidence. The goal of this service is to establish precisely the method of operation used by the perpetrator, by providing digital evidence of the fraud.
Static source code analyses are methods that evaluate the behavior of an application without actually executing it.
Dynamic source code analyses consist of executing the program in order to study how it works and to check whether the result is the one expected for a given input.
Automated source code analyses are performed by a robot, which targets identifiable vulnerabilities or oversights in the code.
Manual source code analyses are more complete and rely on methods carried out only by humans. They are limited by the number of lines of code that can be reviewed (1000 to 2000 per day, depending on the language and complexity of the program).
NBS System’s expertise in IT security
years of experience
+ 250 clients in IT security
Creator of CerberHost
Creator of Naxsi