- The service may apply to an application developed in any technology, e.g. a web application (Django, Ruby On Rails, Spring, Node.js, etc.), as well as a web server written using a lower-level language (e.g. C, C ++, Objective-C) .
- The aim of the audit is to detect all vulnerabilities, weaknesses and inconsistencies with respect to safe programming practices and to the security policy of the environment in which the application operates, if applicable.
- The service includes dynamic tests (blackbox method) as well as static code analysis (whitebox method).
- In the case when the application sources are not available, reverse engineering methods are used: decompilation and disassembly.
- The test concludes with a report describing each problem found, i.e. the method of detection, the possible attack method, threat level of an attack and a proposal to eliminate the problem.
Service security audit
A detailed analysis of a network service (its operation and code) in order to identify any vulnerabilities and weaknesses regarding its security.