Static Code Analysis (White Box)
Identification of source code vulnerabilities aligned with the OWASP Code Review Guide methodology, using automated tools and manual validation.
Powered by Silent4Business
What is the Static Code Analysis (White Box) service?
The static code analysis service identifies vulnerabilities directly in the code. This type of validation is typically performed during the implementation phase of the Secure Development Lifecycle (SDLC), using various automated tools and manual validations. Silent4Business has aligned its processes and technical reviews to the globally recognized OWASP Code Review Guide methodology.
With our service, organizations can expect:
Detection of source code vulnerabilities before deployment to production, which reduces the risk of security breaches and the cost of remediation by identifying issues in the early stages of the SDLC.
Service Deliverables
- Executive Summary: Scope, Findings Summary, Most Vulnerable Assets, Recommendations
- Vulnerability Matrix: CVE, Classification, Asset, Service, Vulnerability, Description, Recommendation