Our Software Analysis and Security Services include:
We perform thorough analysis and detection of open-source code, ensuring comprehensive coverage.
1. Publicly disclosed vulnerability detection collection and analysis:
We collect and analyze publicly disclosed vulnerability information, considering open source code and third-party library data associated with the project.
2. Tamper Detection:
We conduct checks for software integrity, including signature, watermark, and timestamp verification.
3. Sensitive Information Retrieval:
We possess the capability to retrieve sensitive information, such as keys, certificates, and personal data, present within software components. Our assessment includes evaluating the associated risks of information leakage and exploitation, ensuring the protection of sensitive data from unauthorized access and misuse.
Our experts perform a comprehensive review of the source code, identifying potential vulnerabilities and suggesting improvements.
1. Source Code Review Based on Formal Verification:
For smaller-scale projects, we offer formal verification of the entire codebase or specific sections, leveraging rigorous techniques like model checking, Hall logic, and separation logic. This process provides logical security guarantees, addressing common bugs and vulnerabilities.
2. Code Scanning using CodeQL:
Using the powerful CodeQL tool, we scan software projects to identify semantic vulnerabilities. By collaborating with developers and leveraging comprehensive development documents, we design effective query logic to target and uncover potential vulnerabilities within the codebase.
1. Static analysis based on symbolic execution:
We conduct dynamic analysis based on simulation and execution techniques to identify vulnerabilities. Our approach includes static analysis for global vulnerability identification, focusing on input conditions that may lead to software crashes. In cases where specific code segments are suspect, we employ symbolic execution for precise vulnerability detection.
2. Dynamic analysis based on Fuzzing techniques:
We perform meticulous fuzzing checks during dynamic execution to uncover potential vulnerabilities. While resource-intensive analysis based on simulation and execution may not be practical for large-scale projects, we work closely with developers to gather requirements and focus our testing efforts strategically. In some cases, partial testing may be performed to ensure the highest possible level of software security.
We excel in offering a diverse array of software analysis and testing services, encompassing both source code and binary levels. Our business specializes in conducting thorough security assessments through penetration testing, coupled with essential security remediation. Our primary objective is to meticulously uncover any potential vulnerabilities within the software, guaranteeing its utmost security and resilience.
By availing our comprehensive range of software analysis and security services, you can fortify your software’s security, minimize vulnerabilities, and safeguard sensitive information.