PHP
Drum Kit, 2016-03-21 10:56:56

How to check source code for security?

1. How is it possible to check source code and libraries for safety?
2. What methods are used to verify data security?
3. How to make sure that the application does not steal data, that it can be used, and that it does not have backdoors?
4. How to parse source code?
Thank you.


2 answer(s)
trevoga_su, 2016-03-21
@trevoga_su

throw a link to the code
and we'll flatten you

Karim Kyatlottyavi, 2016-03-21
@constXife

Perhaps two approaches to application security testing can be defined: black box and white box. The difference between them lies in the point of view on the test object. The white box assumes that you know what is inside the object, that is, you have access to the application's source code. The black box assumes that you access the object as if you do not know what is inside; in fact, you are testing public interfaces.
Based on the chosen approach, you can choose the tools for testing. For the black box, fairly universal programs are used that hammer the site for known vulnerabilities from a list. They can presumably be found by searching for "web security scanner". For the white box, static analysis methods are used. I don't know about PHP, but for Ruby there is Brakeman, which goes over the code and looks for potential vulnerabilities. This is just an example.
You can test and study everything manually; on the one hand this is better, but it is more demanding in terms of both time and qualifications.
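
The white-box approach from the answer above, shown as a static check over PHP source (an added example, not code from either poster and not Brakeman's method): it flags calls to code- and command-execution functions and grades them by whether request data or a decoded blob reaches them. The sink and decoder lists, the verdict names and the sample PHP are assumptions constructed here, and the matching is regex-based, not a PHP parser.

```python
import re
# Hypothetical rule set for this example: PHP functions that run code or commands.
SINKS = ("eval", "system", "exec", "shell_exec", "passthru", "popen", "proc_open")
CALL = re.compile(r"(?<![\w$>:])(" + "|".join(SINKS) + r")\s*\(", re.I)
TAINT = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b")
DECODERS = re.compile(r"\b(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# Comments and string literals, so that text inside them is not read as code.
NOISE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*"
                   r"|'(?:\\.|[^'\\])*'" r'|"(?:\\.|[^"\\])*"', re.S)

def _blank(m):
    s = m.group(0)
    # Double-quoted PHP strings interpolate variables: keep request superglobals.
    kept = " ".join(t.group(0) for t in TAINT.finditer(s)) if s[0] == '"' else ""
    return kept + "\n" * s.count("\n")  # preserve line numbering

def _args(code, start):
    # Text between the "(" at index `start` and its matching ")".
    depth = 0
    for i in range(start, len(code)):
        depth += {"(": 1, ")": -1}.get(code[i], 0)
        if depth == 0:
            return code[start + 1:i]
    return code[start + 1:]

def scan(source):
    """Return (line, function, verdict) for every sink call found in PHP source."""
    code = NOISE.sub(_blank, source)
    findings = []
    for m in CALL.finditer(code):
        args = _args(code, m.end() - 1)
        # tainted: request data in the argument; obfuscated: decoded blob executed;
        # review: sink present, argument needs a human look.
        verdict = ("tainted" if TAINT.search(args)
                   else "obfuscated" if DECODERS.search(args) else "review")
        findings.append((code.count("\n", 0, m.start()) + 1, m.group(1).lower(), verdict))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = '''<?php
// eval() is mentioned here only in a comment
$name = htmlspecialchars($_GET['name']);
echo 'never call system() on user input';
system("ping -c 1 " . $_GET['host']);
$db->exec('DELETE FROM cache');
eval(base64_decode($blob));
exec('/usr/bin/uptime');
'''
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A check like this only narrows down where to read; method calls such as `$db->exec()` are skipped on purpose, and data that passes through intermediate variables is not tracked.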
