An insecurely developed or managed application could enable a malicious third party or an attacker to gain unauthorised access, compromise application functionality or steal sensitive user data.
Our code review and assurance service can assess the security of your application and programme source code and find any security weakness that may have been overlooked during development or testing and could leave your application and the information contained vulnerable.
Implementing code reviews alongside secure coding practices as part of your software development life cycle (SDLC) process is essential to provide assurance around your overall application’s security.
Some of the benefits of using our services include:
- Work with your IT and development teams to develop a secure Software Development Life Cycle (SDLC) and software engineering principles.
- Identify security issues in new or existing code before release or deployment.
- Review product source code to provide quality and security assurance.
- Provide guidance and ongoing assurance on secure and defensive development strategies and alignment with industry best practices such as OWASP etc.
Where an executable version of the software or code cannot be obtained, this service will be useful in assessing snippets or code modules, which may be useful where disclosure of the entire code base is not desirable.
The following techniques can be employed during static analysis, based on business requirements:
- Manual – Perform manual review and identify security vulnerabilities within the source code. This covers areas that automated tools would often miss.
- Automated – A fully automated approach can ensure a wide scope of identification of the most commonly found vulnerabilities, using industry recognised commercial code-scanning and ERS’s custom tools.
- Focussed/ Bespoke – Combining the above for a wide coverage or a targeted review can focus on specific areas of the code base, typically those that provide security related, network or complex functionality.
Automated Code Analysis
Automated code techniques can additionally be used to provide efficiencies within the mapping of complex code paths. It can help reduce any false-positives, as we verify any issue against a running copy of the software.
Upon completion of the assessment, we will provide a detailed report that includes any findings/vulnerabilities, the risk associated with each of these, along with recommendations.
For more information please contact us.