
Secure Code Review

Security source code review involves analysing source code line by line to identify potential security vulnerabilities. A security source code review is generally recommended for high-risk applications that handle sensitive and confidential information, where a breach is simply untenable.

Working with an application's source code is a surefire way of discovering potential application vulnerabilities. Methodical manual review by skilled programmers can be supported by automated tools such as:

  • automated code analyser tools (open source, our custom tools and commercial products) which analyse the source to detect statements that may result in memory overflows on the stack or heap, and other problems likely to breach security
  • taint-testers or fuzzers, which repeatedly manipulate user input data in an attempt to cause a "path diversion" and a potential security breach. The vulnerable points where such data is consumed are referred to as sinks.
  • Once identified, our consultants can demonstrate how to untaint tainted data through the use of input validation functions or sanitization routines.
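
To make the taint/sink idea above concrete, here is a small added example (not a tool from this page or its authors): a minimal taint tracker over Python source using the standard `ast` module, which reports where attacker-controlled data reaches a sink and stays quiet once a sanitizer has been applied. The source, sanitizer and sink names are a constructed, hypothetical policy; a real analyser would also model control flow, aliasing and far more sources and sinks.

```python
import ast

# Constructed, hypothetical taint policy: sources of attacker data, sanitizers, sinks.
SOURCES, SANITIZERS, SINKS = {"input"}, {"sanitize"}, {"os.system", "eval"}

def call_name(call):
    # Return "func" or "module.func" for a call node, else None.
    f = call.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return f.id if isinstance(f, ast.Name) else None

class TaintAnalyzer(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # names currently holding tainted data
        self.findings = []     # (line, sink) where tainted data reaches a sink

    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = call_name(node)
            if name in SOURCES or name in SANITIZERS:  # source taints, sanitizer cleans
                return name in SOURCES
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.BinOp):  # "ls " + name propagates taint
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        return False

    def visit_Assign(self, node):
        for t in node.targets:
            if isinstance(t, ast.Name):   # reassigning clean data untaints the name
                (self.tainted.add if self.is_tainted(node.value) else self.tainted.discard)(t.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        name = call_name(node)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, name))
        self.generic_visit(node)

def find_tainted_sinks(source):
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings

# Constructed sample under review: line 3 is a finding, line 5 was sanitized first.
SAMPLE = """name = input()
cmd = "ls " + name
os.system(cmd)
clean = sanitize(name)
os.system("ls " + clean)
"""
```

Running `find_tainted_sinks(SAMPLE)` returns `[(3, 'os.system')]`: the concatenated command built from raw input is reported, the sanitized copy is not.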

The security source code reviews are carried out either at the client's site or remotely. Our approach to security source code reviews mixes the use of open source tools, our custom tools and commercial products.