Tools to Perform a Security Review of Unknown Code

Performing a deep security review on third-party code is hard. You typically receive a bunch of source code, no design documents, and very few comments in the source code. Still, you have to do an assessment of the code and provide a risk score. Where do you get started?

In this webinar recording, we show you how Imagix and GrammaTech can help. GrammaTech CodeSonar can perform deep static application security testing on the source code. The result is a set of warnings about things that may be risky. Still, to understand whether a problem, say a buffer overrun, is externally triggerable, you would need to understand the design of the application. This is where Imagix 4D and its Review Tool come in. Within the perspective of the source code's overall architecture and structure, you're able to fully examine the issue flagged in each static analysis warning, determine root causes, prescribe remedial actions, and generate an audit trail. See how together, these tools improve your efficiency and your code's security.