Source Code Review
Bright Axis provides white-box information security reviews of source code, using commercial source code analysis tools coupled with proprietary scripts developed for reviewing code in various languages and frameworks, such as the .NET framework, Java frameworks, PHP, classic ASP, and CGI scripts written in languages such as Perl. Although most commercial software is typically written using either the Java or the .NET frameworks, Bright Axis continues to offer these extended services to cater to varying industry needs and verticals.
The source code review involves the secure transmission of source code trees to Bright Axis using GPG (GNU Privacy Guard), followed by static source code analysis using automated tools and manual techniques. Once the analysis is done, a report is compiled for the customer listing the vulnerabilities and the recommendations for fixing them. After the assessment is over, Bright Axis securely deletes any source code it received and provides a certificate of purging to the customer, thereby helping protect the customer's intellectual property (IP).
The contractual process covers establishing a Non-Disclosure Agreement (NDA) with the customer before the assessment begins, which protects the customer legally from any IP disclosures.