Source Code Review

Service Summary

SECWALLS uses a hybrid approach, both automated and manual code review techniques, to uncover code-related security vulnerabilities that are generally hard to discover from the web application frontend. The assessment is performed using a code-assisted penetration testing approach discovering issues related to common web application areas. Our source code review is designed to discover implementation-level vulnerabilities introduced during coding and recommends remediation for those coding errors. We are well versed for the most commonly used programming languages including Java, .NET, C / C++, C#, RoR, PHP, Perl, Python.
 

Code Review As A Service Overview

Hybrid Approach

We utilize best-in-class static code analysis tools for scanning the codebase. Also, a detailed manual review of the application code gets conducted on areas of critical importance such as user authentications, input parameters, select functions, etc.

DevOps / Development Integration

While most of our source code review projects are standalone engagements, we also work as an extension to the development team as part of the SDLC process. Each new push of the code goes tested for vulnerabilities in such a model.

Remediation Advice

Not every developer is a security maestro; most of their priorities are to develop applications within the timelines given. Our remediation advice goes as a part of the Source Code Review Services and extends them into a secure application development team.

CODE REVIEW SERVICES PROCESS

PEER CODE REVIEW

- Follow international standard of code review.
- Follow inhouse check lists for assessment.
- Code annotation before code review

REPORTING

- Vulnerability assessment report
- Executive Summary




AUTOMATED ANALYSIS

-Analysis using code review tools
-Check for False Positive
-Validate the vulnerabilities found

RETEST

- Conduct retest after the patches have been applied
- Identify if any vulnerability has not be patched
- Identification of any new vulnerability as a result of changes

RECOMMENDATIONS

- dentification of vulnerabilities
- Recommendations in accordance with industry standards


Interested in Our services

Request a Qoute !