A Code Review is a white-box security analysis of your code based on broad experience in building secure and resilient systems as well as applicable threats. We perform Code Reviews of all types of software. We analyze web applications/services, IoT solutions, embedded systems, and mobile and desktop applications on a regular basis.
The goal of a Code Review is to provide:
- A benchmark against common vulnerabilities like CWE/SANS Top 25 and OWASP Top 10.
- Analysis of the third-party libraries and middleware used in your application.
- Accurate recommendations and feedback from our team of secure development experts.
- An assessment of risks related to personally identifiable information (PII).
- An assessment of risks related to availability and scalability requirements as well as potential Denial-of-Service attacks.
It is possible to build on this assignment to provide applied security awareness training for developers in applicable areas.
Our Code Review services can be integrated with your existing software development life cycle or Secure Software Initiative in order to keep track of the security level throughout your product’s life cycle. We often combine Code Reviews with Penetration Tests to increase coverage.
Code Reviews can be performed on-site or remotely (typically remotely).