SOURCE CODE REVIEW
In our day to day lives, most people rely on all sorts of applications to improve their lifestyles for the sake of convenience, efficiency and performance. Little do they know, security is often neglected in the application's code, as attention is paid mostly to its functionality and performance.
Before an application is deployed, source code review comes into play to discover any bugs or security flaws which would affect the overall quality of the application itself. From a security point of view, source code review identifies weaknesses and suggests mitigation and preventive methods to further improve and facilitate secure coding.
This assessment aims to strengthen the source code's ability to protect itself against current security breaches and to ensure a recommended secure coding structure. Apart from that, the review of source code enables the developer to verify that the security controls in place are working as intended.
Common Weakness Enumeration (CWE) is also adopted by pentesters to improve our methods of classifying and categorizing findings. This standard enables us to conform to a common baseline for identifying weaknesses in the source code, for corrective methods that address these flaws, and for prevention efforts that handle future security breaches.
Why Is Source Code Review Important?
Why do you need Source Code Review? Is it vital for us?
As a rule of thumb, as long as you are in an industry which requires any form of software development, you have come to the right place! As things stand, some developers may not always direct their attention to the security aspect of their coding structure, omitting recommended security practices during the development phase. There is no better way to sort out the security issues residing in your application code than a security review.
Source code review is capable of discovering vulnerabilities from coding flaws which, most of the time, are not covered by other pen-testing activities. Coding bugs, "Easter Eggs", logic bombs, backdoor code, disclosure of sensitive and confidential information in code structures, etc. are examples of issues that are more likely to be covered in this assessment.
What Programming Languages Expertise Do We Have?
As of January 2016, we have reviewed more than 10,500,000,000 lines of code, and the figures are still growing. Our security code reviewers are well versed in the following programming languages.
Java
C#
C/C++
Visual Basic.NET
Visual Basic 6 (VB6)
Visual Basic 5 (VB5)
Visual C
JavaScript and commonly used frameworks
Node.JS and commonly used frameworks
VBScript
PHP
Perl
ASP
ASPX
Apex and VisualForce
Ruby
HTML5
Python
Scala
Groovy
Android (Java)
Objective-C
Swift
PhoneGap and commonly used frameworks