Performing a deep security review on third party code is hard. You typically receive a bunch of source code, no design documents, very little comments in the source code. Still, you have to do an assessment of the code and provide a risk score. Where do you get started?
In this webinar we show you how GrammaTech and Imagix can help. GrammaTech CodeSonar can perform deep static application security testing on the source code. The result is a set of warnings of things that may be risky. Still, to understand whether a problem, say a buffer overrun, is externally triggerable, you would need to understand the design of the application. This is where Imagix comes in, it can overlay the path of the static analysis warning over a design that is reverse engineered from the source code. And that is just one of the many tricks.
Speakers: Mark Hermeling - GrammaTech, John Blattner - Imagix
Interested in a 30-day free evaluation?