There are a few vulnerability classes that are either extremely difficult to identify through dynamic testing or extremely difficult to identify accurately through static analysis, and these require a manual review of the code for validation.
Source code reviews require expertise with not only common vulnerability patterns and exploitation techniques at an implementation level, but also many different languages, frameworks and coding paradigms.
Through manual inspection, we can evaluate your application’s approach to important security issues such as:
Each deliverable provides our clients with ample evidence and supporting reproduction steps. This puts you in the best possible position to make swift, informed decisions on the proper treatment of any critical issue identified within your application environment.
A technical analysis of an application’s source code and dependent components is intended to expose insecure code, including insecure reuse of code. It also uncovers potentially hidden functionality that an adversary could leverage to compromise an application and gain access to sensitive information.
With the increasing amount of dynamic functionality found in modern applications, we typically perform a hybrid application security assessment in parallel with our source code review. This approach further enhances our ability to craft payloads for testing and allows us to verify whether issues identified during the code review actually carry a risk of exploitation in the live, running application.
Certifications