Source code is a developer’s interpretation of a business process or function, but it is not immune to errors that affect the security of the application. Where a defence-in-depth assessment is required, the source code itself needs to be analysed to give a greater level of security assurance than can be achieved from an application penetration test.
What can you gain from a source code review by Perspective Risk?
- Lower code development costs by introducing security requirements and controls at an early stage
- Greater confidence in the security of your application than can be achieved by an application penetration test
- Preserving your brand and reputation by removing vulnerabilities in your code and reducing the risk of exploitation
- Better protection for your customers, employees and stakeholders
What does a source code review involve?
- Working with an expert consultant who, in addition to their own knowledge, uses industry-standard tools and then interprets the results in relation to your specific business requirements
- Analysis of source code to assess the code’s adherence to industry-standard practices with regard to:
  - Bounds checking
  - Memory allocation
  - Insecure library functions
  - Code maintainability and performance
- Checking for common application vulnerabilities relating to:
  - Input validation
  - Error handling
  - Session management
  - Authentication and more
- Depending on your requirements, we carry out static and dynamic analysis of your source code to ensure a thorough review
- A full report detailing any non-conformances or vulnerabilities in your application’s source code and prioritising them in order of magnitude of risk to your business
- Comprehensive remedial advice for every identified issue
Why choose Perspective Review for a source code review?
- You receive a bespoke service according to the needs of your business, not a generic assessment
- You receive a prioritised report based on key coding issues including any trends in the development approach
- You work with expert consultants who are well versed in multiple language code reviews
- We cover all major languages including C, C++, C#, Java, Ruby, PHP, Python, Perl