Analysing an application's source code is one of the most powerful and effective ways to detect and close programming errors at an early stage.
Two approaches are usually followed, and they only reach their full potential in combination: static and dynamic test procedures.
In static analysis the application is not executed; its code is checked against predefined rules. The findings range from poor coding style and incorrect type conversions to memory leaks, which often have serious consequences.
Because static analysis also produces many false positives, its findings always require a subsequent assessment of the reported vulnerabilities.
Dynamic test procedures complement this: they reduce the number of false negatives, i.e. defects that the static analysis has missed, and raise the overall test quality.
For this, the application is first started and then, while running, fed with prepared input data; the output it produces is analysed. Any deviation of the actual result from the expected result counts as an error whose risk potential must then be checked and evaluated manually.
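To make the two procedures concrete, the following Python illustration has been added to this page; it is not part of the original text and not a sic[!]sec GmbH tool. It runs a small predefined rule over the syntax tree of a constructed sample module without executing it, applies a triage step that closes the false positive the rule produces, and then executes the same module with prepared inputs to report where the actual output deviates from the expected one. The sample module, the rule, and the test vectors are all constructed for this illustration.

```python
"""Rule-based static check and a dynamic input/output test run over the
same constructed sample program. Added illustration; not a sic[!]sec tool."""
import ast
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed code under review. It is kept as a string so that the static
# check can parse it without executing it.
SAMPLE_SOURCE = '''\
import subprocess

def list_dir(path):
    # user-controlled path reaches a shell: a genuine finding
    return subprocess.run("ls " + path, shell=True, capture_output=True)

def uptime():
    # constant command: the shell=True rule fires, but nothing is injectable
    return subprocess.run("uptime", shell=True, capture_output=True)

def strip_newline(name):
    # intended to drop a trailing newline, but drops the last character
    # of any input: no rule-based check sees this, a dynamic test does
    return name[:-1].lower()
'''

SHELL_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}


@dataclass
class Finding:
    line: int
    func: str
    constant_command: bool            # command argument is a string literal
    confirmed: Optional[bool] = None  # None until a human has assessed it


def static_shell_check(source: str) -> List[Finding]:
    """Predefined rule: report every subprocess.<fn>(..., shell=True).
    Only the syntax tree is inspected; nothing in `source` runs."""
    findings: List[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        fn = node.func
        is_subprocess = (isinstance(fn, ast.Attribute)
                         and isinstance(fn.value, ast.Name)
                         and fn.value.id == "subprocess"
                         and fn.attr in SHELL_FUNCS)
        if not is_subprocess:
            continue
        shell_true = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                         and kw.value.value is True for kw in node.keywords)
        if not shell_true:
            continue
        constant = (bool(node.args) and isinstance(node.args[0], ast.Constant)
                    and isinstance(node.args[0].value, str))
        findings.append(Finding(node.lineno, fn.attr, constant))
    return sorted(findings, key=lambda f: f.line)


def triage(findings: List[Finding]) -> List[Finding]:
    """Stand-in for the manual assessment: a literal command string cannot
    carry attacker data, so shell=True there is a false positive; every
    other hit stays a confirmed finding."""
    for f in findings:
        f.confirmed = not f.constant_command
    return findings


def load_under_test(source: str) -> Dict[str, Callable]:
    """Dynamic testing starts the code: here by executing the sample module
    into a fresh namespace and returning its functions."""
    ns: Dict[str, Callable] = {}
    exec(compile(source, "<sample>", "exec"), ns)
    return ns


def dynamic_test(func: Callable[[str], str],
                 cases: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Feed prepared inputs to the running code and compare the output with
    the expected result; each deviation is returned for manual risk rating."""
    deviations = []
    for given, expected in cases:
        actual = func(given)
        if actual != expected:
            deviations.append((given, expected, actual))
    return deviations


# Constructed test vectors: (prepared input, expected output).
DYNAMIC_CASES = [("Alice\n", "alice"), ("Bob", "bob"), ("", "")]


def run_both() -> Tuple[List[Finding], List[Tuple[str, str, str]]]:
    findings = triage(static_shell_check(SAMPLE_SOURCE))
    under_test = load_under_test(SAMPLE_SOURCE)["strip_newline"]
    return findings, dynamic_test(under_test, DYNAMIC_CASES)


if __name__ == "__main__":
    found, devs = run_both()
    for f in found:
        status = "confirmed" if f.confirmed else "false positive"
        print(f"static: line {f.line} subprocess.{f.func}(shell=True): {status}")
    for given, expected, actual in devs:
        print(f"dynamic: strip_newline({given!r}) returned {actual!r}, expected {expected!r}")
```

The static rule reports both `shell=True` calls because it only matches syntax; triage closes the one whose command is a literal. The dynamic test only notices the truncation bug because one of the prepared inputs has no trailing newline, which is why the choice of input data matters as much as the comparison itself.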
sic[!]sec GmbH has experience with all established software analysis tools and, in close cooperation with you, can recommend a suitable product and license model for your specific needs. We can then carry out the source code analysis according to your requirements and perform a qualified evaluation of the generated findings, so that only relevant problems appear in the final report, which your developers can then remediate directly.
We can also advise you if you are planning to use a source code analysis (SCA) tool in-house, for example during development.