Source code reviews require expertise with not only common vulnerability patterns and exploitation techniques at an implementation level, but also many different languages, frameworks and coding paradigms.
Our team follows a highly-structured methodology to ensure a thorough review of the application source code. Our process, which includes information gathering, code review, validation and notification, ensures a detailed and effective security assessment.
A technical analysis of an application’s source code and dependent components is intended to expose insecure pieces (and reuses) of code. It also uncovers potentially hidden functionality that an adversary could leverage to compromise an application and gain access to sensitive information.
With the increasing dynamic functionality found in modern applications, we typically perform a hybrid application security assessment in parallel to our source code review. This approach further enhances our ability to craft payloads for testing and allows us to verify whether issues identified from a code review actually carry the risk of exploitation in the live, running application.
