The source code is checked for vulnerabilities and errors.

The analysis is first performed semi-automatically; dynamic module tests follow (where possible) so that the software development is accompanied throughout implementation.

  • Static Code Analysis
  • Dynamic Code Analysis
  • Manual Code Review

From the implementation phase onwards, the source code of the target software is checked for conformity with formal methods and tested for compliance with the syntactic conventions of the programming language and the programming rules. This procedure is comparable to a parser that performs a lexical, syntactic and semantic analysis of the program code.

As a rule, each reported finding requires a manual audit against the lexical rules of the programming language used and its semantic relationships, in order to rule out false positives and to devise appropriate fixing strategies. Hence, the quality and quantity of the analysis results depend largely on the selection of suitable tools.
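To illustrate the difference between the lexical and the semantic level described in the two paragraphs above, and why a lexical hit still needs a manual audit, here is a small added example (not code from this page or from any of the tools listed below). It runs two checks for calls to the dangerous Python builtin `eval` over a constructed sample module: a regex that only sees tokens, and an AST walk that resolves which name a call actually refers to.

```python
import ast
import re

# Constructed sample input (not from any real project): a module that defines
# its own helper named "eval" and also calls the real builtin through the
# builtins module.
SAMPLE = '''
import builtins

def eval(expr):
    return expr.strip()

def handle(request):
    cleaned = eval(request)        # local helper, not the builtin
    return builtins.eval(cleaned)  # the builtin: the only real finding
'''

DANGEROUS = {"eval", "exec"}

def lexical_findings(src):
    """Token-level check: a regex over the raw text, with no notion of scope."""
    pat = re.compile(r"\b(" + "|".join(sorted(DANGEROUS)) + r")\s*\(")
    return [(n, m.group(1)) for n, line in enumerate(src.splitlines(), 1)
            for m in pat.finditer(line)]

def semantic_findings(src):
    """AST-level check: resolves whether a call hits the builtin or a local name."""
    tree = ast.parse(src)
    # Names defined at module level shadow the builtins of the same name.
    shadowed = {n.name for n in tree.body if isinstance(n, (ast.FunctionDef, ast.ClassDef))}
    shadowed |= {t.id for n in tree.body if isinstance(n, ast.Assign)
                 for t in n.targets if isinstance(t, ast.Name)}
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id in DANGEROUS and f.id not in shadowed:
            hits.append((node.lineno, f.id))
        elif (isinstance(f, ast.Attribute) and f.attr in DANGEROUS
              and isinstance(f.value, ast.Name) and f.value.id == "builtins"):
            hits.append((node.lineno, "builtins." + f.attr))
    return hits

if __name__ == "__main__":
    print("lexical :", lexical_findings(SAMPLE))   # 3 hits, two of them false positives
    print("semantic:", semantic_findings(SAMPLE))  # 1 hit: the real builtins.eval call
```

Even the AST pass is an approximation (it does not follow aliases such as `e = builtins.eval` or dynamic lookups), which is exactly why each finding still goes through the manual audit described above.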

We use the following tools:

  • Klocwork
  • OWASP
  • Veracode
  • Cpplint
  • Coverity
  • Lint
  • Checkstyle