Detect and remediate coding flaws before they become serious cyber security risks.
Code review is probably the single most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort.
Our Methodology
Our team uses multiple code review techniques.
Automated Tool Based
In this approach, the secure code review is done using different open source and commercial tools. Tools are useful for analyzing large codebases: they can quickly identify potentially insecure pieces of code, which are then analyzed and triaged by the security analyst.
Manual White Box Analysis
In this technique, a thorough code review is performed over the whole codebase by an analyst. This identifies logical flaws that automated tools cannot detect, such as business logic problems and authorization problems.
Secure Code Review Checklist
- Design
- Configuration
- Secure Transmission
- Authentication and User Management
- Authorization
- Data Validation
- Application Output
- Session Management
- Input Validation
- Cryptography
- Exception Handling
- Auditing and Logging
- General Components
- Business logic
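The following is an added illustration, not code from the original page or from the service described on it, of how the two methodologies above complement each other. A small pattern-based scanner (the rule set, the `Finding` type and the `SAMPLE_CODE` snippet are all constructed for this example and are not a real tool) flags candidate lines and maps each to a checklist area from the list above; the sample also contains a missing authorization check that no pattern matches, which is the kind of flaw left to manual white box analysis.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One candidate issue raised by the automated pass (needs analyst triage)."""
    rule: str
    line_no: int
    text: str
    checklist_area: str


# Hypothetical rule set: (rule id, regex, checklist area). Constructed for
# illustration; a real tool would carry far more rules and data-flow context.
RULES = [
    ("sql-string-concat", r"(execute|query)\s*\(\s*[\"'].*[\"']\s*\+", "Data Validation"),
    ("hardcoded-secret", r"(?i)(password|secret|api_key)\s*=\s*[\"'][^\"']+[\"']", "Configuration"),
    ("dynamic-eval", r"\beval\s*\(", "Input Validation"),
    ("weak-hash-md5", r"hashlib\.md5\(", "Cryptography"),
]


def scan_source(source: str) -> list[Finding]:
    """Automated pass: report every line matching a rule, skipping comment lines."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        for rule, pattern, area in RULES:
            if re.search(pattern, line):
                findings.append(Finding(rule, line_no, stripped, area))
    return findings


def summarize_by_area(findings: list[Finding]) -> dict[str, int]:
    """Count candidates per checklist area so the analyst can plan the manual pass."""
    summary: dict[str, int] = {}
    for f in findings:
        summary[f.checklist_area] = summary.get(f.checklist_area, 0) + 1
    return summary


# Constructed sample code under review. Besides the three pattern-detectable
# issues, get_invoice() lets any caller read any invoice: an authorization
# flaw that carries no syntactic signature and is only found by reading the logic.
SAMPLE_CODE = '''\
import hashlib
DB_PASSWORD = "hunter2"

def get_invoice(db, user, invoice_id):
    # Missing check: any authenticated user can read any invoice
    return db.execute("SELECT * FROM invoices WHERE id = " + invoice_id)

def fingerprint(data):
    return hashlib.md5(data).hexdigest()
'''


if __name__ == "__main__":
    results = scan_source(SAMPLE_CODE)
    for f in results:
        print(f"line {f.line_no:>3}  [{f.checklist_area}] {f.rule}: {f.text}")
    print("per area:", summarize_by_area(results))
    # "Authorization" never appears in the summary although the sample has an
    # authorization flaw: that gap is what the manual white box pass covers.
```

Running the block lists three candidates (Configuration, Data Validation, Cryptography) for the analyst to confirm or dismiss, while the Authorization and Business logic areas of the checklist stay empty; those areas are covered by reading the code path by hand, which is why the two approaches are used together rather than either alone.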