Source Code Review

Security Simplified uses a hybrid approach, combining automated and manual code review techniques, to uncover code-level security vulnerabilities that are generally hard to discover from the web application frontend. The assessment follows a code-assisted penetration testing approach that surfaces issues across the common web application areas.

Our source code review is designed to discover implementation-level vulnerabilities introduced during coding and to recommend remediation for those coding errors. We are well versed in the most commonly used programming languages, including Java, .NET, C / C++, C#, RoR, PHP, Perl and Python.

Our methodology is derived from the following standards:

  • OWASP Secure Coding Standard & Guidelines
  • New Zealand Information Security Manual (NZISM)

Our Methodology

  • Understand the application source code at runtime
  • Developer session to understand the code approach and identify mechanisms such as authentication and data validation
  • Static code analysis tools such as Brakeman, CodeSonar, Find Security Bugs, SonarQube, etc.
  • Use multiple tools to cover a variety of issues
  • PTES & OSSTMM methodology
  • Automated & manual testing
  • Vulnerability exploitation
  • Executive summary
  • Finding description, severity rating, impact & recommendation
  • Report based on industry standards

Sample List of Checks

  • Deny by default
  • Principle of least privilege
  • Hardcoded sensitive data, backdoors
  • Logging sensitive data or credentials
  • Buffer overflows
  • Use of vulnerable system calls and eval functions

Reporting

  • Executive summary for the management
  • Vulnerability dashboard for the project team
  • Technical report with vulnerable code and location
  • Detailed attack paths & chaining of vulnerabilities
  • Vulnerability description, root cause, impact and remediation steps
  • Reporting includes secure coding practices and a risk rating matrix based on OWASP standards

Want to work with us?

Do you need help finding information or want to know more about what Security Simplified services can do for you?


Copyright © 2022 Security Simplified Limited