
Security Assurance

A code review can verify the security of your application source code and find security flaws that may have been overlooked in the initial development phase and could leave your application vulnerable to attack.

Static Analysis


A purely static approach to code review can be taken where an executable version of the software cannot be provided, which may be useful where disclosure of the entire code base is not desirable or only one component of an overall solution requires review.

The following techniques can be employed during static analysis, based on customer requirements:

  • Manual source code review
    With this step it is possible to identify security vulnerabilities within source code that an automated tool would often miss. Such vulnerabilities typically exist within critical functionality, including business logic, encryption, network communications and access controls. 

  • Automated source code review
    A fully automated approach can ensure breadth of coverage in the identification of some of the most commonly found vulnerabilities, using industry-recognised commercial code-scanning tools.

  • Blended
    By combining manual and automated approaches, the review can provide both breadth and depth of coverage.

Knowledge boundaries

Experience working with products written in and for a wide variety of programming languages and operating systems, including, but not limited to:

  • Programming languages: .NET, Java, JavaScript, Python, PHP, SQL

  • Operating systems: Windows, Mac, Linux/Unix
