Automated Static Analysis
First, the code is automatically scanned using industry-recognized commercial tools (provided by the customer or by Borealix). These tests are performed against standards such as OWASP Top 10, OWASP ASVS, SANS Top 25, etc.
Benefits
Relatively fast
Relatively inexpensive
Finds more types of vulnerabilities than DAST
Requirements
Send (by secure means) the source code of the application in the specific version to be certified.
Compilation manual (only for compilable code)
Deliverables
An executive report and a technical report from the tool in PDF format for subsequent delivery to the client. If many instances of vulnerabilities are found, an Excel list with all additional instances may be attached.