
Source Code Review

What is it?

Code review aims to identify security flaws in an application's features and design, along with their exact root causes. As applications grow in complexity and adopt new technologies, traditional black-box testing alone may fail to detect all the security flaws present in the code.

Secure code review is probably the single-most effective technique for identifying security bugs early in the system development lifecycle. When used together with automated and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort.

What is the value proposition?

  •   An in-depth understanding of the programming-language-specific vulnerabilities found in modern applications.
  •   A systematic combination of manual and automated approaches for finding vulnerabilities.
  •   Experienced SAST security experts with industry experience reviewing 0.5 million lines of code.
  •   Detailed reports with recommendations, benchmarked against OWASP and other industry standards.

What are the drivers?

  •   Customers looking for comprehensive security testing early in the system development lifecycle.
  •   The need to satisfy global regulatory and compliance requirements such as PCI and HIPAA.
  •   Contractual obligations with customers to conduct periodic security testing.
  •   The growing risk of fast-to-production applications being released without proper security testing.
  •   A lack of knowledge among developers about how to conduct an effective secure code review.
  •   Business logic, transaction and sensitive data exposure flaws that automated scanners cannot see and that therefore remain undetected.
  •   The additional effort required from an experienced programmer to separate false positives from automated scanner output.

What is the methodology used?

Our source code review methodology is as follows:

  •   Preparation - Identify the purpose and context of the application, its programming language and the number of lines of code.
  •   Threat Modelling - Application components and functionalities are gathered according to the defined goals, and potential attack paths are identified.
  •   Code Review - A systematic manual and automated approach is followed to identify the flaws.
  •   Reporting - Findings are analyzed based on risk, reports are debriefed and improvement actions are presented.
  •   Remediation - Remediation efforts are discussed, prioritized and reviewed with the customer.
  •   Retesting - Retesting is conducted to confirm the closure of the identified vulnerabilities.
  •   Closure - The retesting activity is debriefed and the retesting report is shared.