This activity is an audit of an application's source code, carried out to verify that the expected security checks have been implemented, that they work as planned, and that they are used as originally intended.
The purpose of this analysis is to verify that the application has been developed so that it is independently protected.
It also checks that developers are following secure programming methodologies and techniques.
The system analyzes the software's functions by reading the source code and, where possible, by integrating itself into the build/compilation process.
All possible branches of the program are analyzed, evaluating the data flow model from input to usage.
This activity is comparable to a white-box vulnerability assessment.