Tried, Tested and Proven

Source Code Review

The Code Review process is a systematic analysis of the complete code that makes up a bespoke software project.

This entails a detailed review of the structure, control flow and form of the software by a consultant who is familiar with the programming language used and its dependent technologies. Potential weaknesses are investigated so that any unsound code can be fixed.

The code review assessment can be applied to any programming language, whether it is for a web application or a standalone binary application.

In the case of a web application, the vulnerabilities our team looks for are the same as those covered by a Web Application Assessment.

If the code review is needed for standalone binary software, the focus shifts to cover a much wider range of security issues specific to compiled languages. Below is a list of the most common issues our team members encounter:

General Insecurities

  • Integer Overflow or Underflow
  • Buffer Overflow (Stack or Heap)
  • Race Conditions
  • Format Strings
  • Dangling Pointers

Authentication

  • Broken or inadequate authentication
  • Broken or inadequate authorisation
  • Inconsistent implementation throughout a project
  • Insecure Direct Object References
  • User Enumeration
  • Privilege Escalation
  • Weak Forgot/Change Password Implementation

Session Management

  • Broken Session Management
  • Cross Site Request Forgery (CSRF)

Injection Flaws

  • Injection Flaws (SQL, LDAP, XPATH, Commands, XSS)
  • Remote/Local File Inclusion

Crypto

  • Insecure Cryptographic Storage
  • Use of Hard-Coded Credentials/Keys