Extensive secure code reviews of everything from web, mobile and native applications to cryptographic implementations, cloud infrastructure and hardware designs.
We provide extensive secure code reviews of everything from web, mobile and native (desktop) applications to cryptographic implementations, cloud infrastructure and hardware designs. Our security specialists review code in most, if not all, programming languages, as well as configuration and markup formats.
A secure code review is a specialized task in which an application's source code is examined, manually and/or with automated tooling, to identify security-related weaknesses (flaws) in the code. It can be delivered as a standalone engagement or as part of a penetration test.
The review begins with a scoping meeting or interview with the developers of the code, where questions about the implementation are asked. The review itself is usually performed manually, with static analysis tools used to scan the code for common weakness patterns. The reviewer typically focuses on security mechanisms and areas such as authentication and authorization, data and input validation, error handling and encryption.
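To make the role of the tooling concrete, here is a small pattern-based scanner of the kind a reviewer uses to surface candidates in the four focus areas named above. This is an added example, not code from this page or from the firm described; the rules, their names and the scanned source sample are all constructed for illustration and are not the rule set of any real static analysis product.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample source to scan. The API key is a placeholder, not a real credential.
SAMPLE_SOURCE = """\
import hashlib

API_KEY = "sk_live_0123456789abcdef"  # constructed placeholder, not a real key

def find_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
    return cursor.fetchone()

def store_password(pw):
    return hashlib.md5(pw.encode()).hexdigest()

def parse_amount(text):
    try:
        return int(text)
    except Exception:
        pass

def find_user_safe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
    return cursor.fetchone()
"""


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number in the scanned source
    area: str      # review focus area the rule belongs to
    rule: str      # hypothetical rule identifier
    snippet: str   # offending line, stripped


# Hypothetical heuristics, one per focus area: (area, rule id, pattern).
RULES = [
    ("authentication and authorization", "hardcoded-credential",
     re.compile(r"^[ \t]*\w*(?:KEY|SECRET|PASSWORD|TOKEN)\w*[ \t]*=[ \t]*[\"'][^\"'\n]+[\"']", re.M)),
    ("data and input validation", "sql-built-by-string-concat",
     # execute( followed by an f-string, or by a string literal joined with + or %
     re.compile(r"\.execute\(\s*(?:f[\"']|(?:\"[^\"\n]*\"|'[^'\n]*')\s*(?:\+|%))", re.M)),
    ("error handling", "swallowed-exception",
     # an except clause whose entire body is 'pass'
     re.compile(r"^[ \t]*except\b[^\n]*:[ \t]*\n[ \t]*pass\b", re.M)),
    ("encryption", "weak-hash-algorithm",
     re.compile(r"\bhashlib\.(?:md5|sha1)\(", re.M)),
]


def scan(source: str) -> list[Finding]:
    """Run every rule over the whole source and return findings sorted by line."""
    lines = source.splitlines()
    findings = []
    for area, rule, pattern in RULES:
        for m in pattern.finditer(source):
            # Newlines before the match start give the 0-based line index.
            line_no = source.count("\n", 0, m.start()) + 1
            findings.append(Finding(line_no, area, rule, lines[line_no - 1].strip()))
    return sorted(findings, key=lambda f: f.line)


def findings_by_area(findings: list[Finding]) -> dict[str, int]:
    """Count findings per focus area, as a reviewer would summarize them."""
    return dict(Counter(f.area for f in findings))


if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f.line:>2}  [{f.area}] {f.rule}: {f.snippet}")
```

The scan flags the concatenated SQL in `find_user` but not the parameterized query in `find_user_safe`, which is exactly the kind of distinction a pattern rule can make. What it cannot do is confirm that `name` is attacker-controlled, notice an injection assembled across several lines, or judge whether the swallowed exception hides a security-relevant failure; each finding is a candidate that the reviewer confirms or discards by reading the surrounding code, which is why the review is manual with tool support rather than tool-only.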
A secure code review can be scoped to specific functionality or to a single module or component, but it is most effective towards the end of the development cycle, when all or most of the functionality has been implemented.
One reason to perform it later is that it is time consuming: reviewing unfinished code repeatedly increases the cost, since code that is still changing may need to be reviewed again. The right timing ultimately depends on your requirements and needs.
You will receive a written report and a presentation detailing the issues and observations identified during the review.
The report also contains recommendations on how to handle the issues, advice on general design choices and architecture, and recommendations on testing and secure development.
This information helps you improve both the implementation and the development process.