There is a new security audit tool making noise in both the web2 and web3 security space: Hakira. In today's blog we will share insights into how Hakira actually audits a codebase, which may be of interest to auditors.
Here you can see that there is an option to pick the codebase from a repo, or you can upload a zip file.
Here I have selected a random repo for which I want to see the findings. This will then create a workspace based on the repo in the dashboard.
Please note that this requires credits to proceed.
After getting the credits I am prompted with the following options: either go for the full audit or choose from the segregated options shown below.
I selected the full audit for the codebase, and below are the findings.
In the first phase it analyzes the whole structure of the codebase.
In the second phase it analyzes the architecture behind the codebase.
If you want to know how many phases there are in the audit plan, the plan is shown below.
This will take some time depending on the codebase. At this point I have switched from my previous codebase to a new one, which has 1516 SLOC; credits are consumed based on the SLOC.
Now the findings are here. As you can see, it has provided the findings along with their severity and a PoC as artifacts.
Below are the findings for review, which help the auditor understand the surface-level severities.
Below is the mitigation suggested for the findings.
So you can see this helps auditors validate the findings from their end.
In terms of credit plans, below is the price at which credits can be obtained.
In short, the tool is very innovative and gives complete details about the vulnerabilities found, to kick-start reviewing the codebase and to test edge cases that can be missed through human error. You can sign up for this tool on Hakiro.