True Code Dynamic Analysis

Dynamic analysis allows you to define testscenarios that cover a small or larger part of the codebase. The defined testscenario will run while True Code various tests will be executed to detect security vulnerabilities.

With dynamic analysis True Code help you to detect logical and fault injection vulnerabilities. The dynamic checks can be used next to the static checks to get a higher level of assurance.

Fault injection

Fault injection is a technique used more and more by attackers to break the security of your products. Though many might think that fault injection vulnerabilities only occur in hardware, in fact software offers even a bigger attack surface for these types of attacks. True code package will flag fault injection vulnerabilities to your developers, by executing the software on virtual hardware. In this process True Code injects faults in the virtual hardware and gives actionable feedback on the lines in the source code that are vulnerable. 

Fuzzing

Fuzzing is a method often used by hackers to detect exploitable vulnerabilities in a product. With fuzzing, a attacker uses available API's and with all kinds of inputs tries to trigger unepected behavior that can be exploitred. True Code dynamic analysis allows you to define testscenarios on the public API's but also on any internal function or group of functions to test the robustness of your code. Vulnerabilities are reported in an actionable way, while the development team is also kept up-to-date on the coverage of the defined scenarios