Source Code Review

Application source code review is an essential part of a white-box penetration test or audit when the highest level of application security is required. Source code review is the most comprehensive and reliable way to find and eliminate vulnerabilities in your application.

Sometimes it is quite hard to discover a vulnerability or weakness in an application without a detailed code audit. Such vulnerabilities (also known as "0-day" vulnerabilities) are often discovered by attackers, who use them to compromise up-to-date applications with the most recent patches installed. Source code review is also the best way to detect intentional or accidental backdoors in applications that you acquire from third parties. Certain security standards (such as PCI DSS v1.2, section 6.3.7) also require that custom code be reviewed prior to release to production or customers in order to identify any potential coding vulnerability.

At Graytips we achieve the highest quality of source code review by combining automated tools with in-depth manual analysis of the code by our security auditors. All aspects of application security are tested, including:

Insufficient filtering and validation of user-supplied data
Missing boundary checks and improper memory management
Application logic flaws and race conditions
Authentication and authorization bypass
Usage of unsafe methods and functions
Sensitive information disclosure

Upon completion of the source code review you receive a report with detailed information about all the vulnerabilities and weaknesses discovered, with tailored recommendations on how to fix them, accompanied by general recommendations on source code structure and style.

© 2017 Graytips All Rights Reserved.