
Static Code Analysis (White Box)
Cyber Intelligence
DESCRIPTION:
The static code analysis service identifies vulnerabilities directly in the application's source code. These validations are typically performed during the implementation phase of the Secure Software Development Life Cycle and combine automated tools with manual validation. Silent4Business has aligned its processes and technical reviews with the globally recognized OWASP Code Review Guide. Our consulting team applies this methodology to deliver the Static Application Security Testing (SAST) code review service. The static code review methodology comprises five phases: reconnaissance, automated review, false positive identification (triage of tool findings to discard results that are not exploitable in context), manual review, and security architecture review.
DELIVERABLES:
Executive summary (executive presentation):
• Scope of the analysis
• Most vulnerable assets
• Root-cause recommendations
Vulnerability matrix:
• Related CVE identifier (when applicable; CVEs are assigned to publicly disclosed vulnerabilities, so this typically covers vulnerable third-party components rather than first-party code findings)
• Risk classification
• Vulnerable asset
• Vulnerable service
• Vulnerability
• Vulnerability description
• Mitigation recommendation
CODE
AEC
BUSINESS LINE
Cybersecurity
CATEGORY
Cyber Intelligence
RESPONSIBLE:
Eduardo Salmerón
METHODOLOGY:
OWASP Code Review Guide Methodology
SCOPE:
Static Application Security Testing (SAST)
EXECUTION TIME
Volume (lines of code):
• 1 to 10,000 lines – 4 business days
• 10,001 to 50,000 lines – 6 business days
• 50,001 to 300,000 lines – 8 business days
• 300,001 to 500,000 lines – 10 business days

