Source Code Analysis
Immunity does not rely on automated tools to conduct source code reviews, but various tools are sometimes used to enhance code review projects and to provide additional layers of review.
Because of the lengthy time period usually required to perform source code reviews, Immunity always initiates a source code review project with an architecture or process review in order to become familiar with the technology and be able to immediately focus on the most vulnerable sections of code. Where the same development practices have been employed throughout the application, the client can usually be provided with a reasonable accurate report regarding the level of security within the first few days of beginning assessment work, however complete source code reviews usually take several months to complete.
