Every code review starts with us being given access to the source code of the application under review. We begin by familiarising ourselves with the application's main functions, and then look for the areas of the code where security issues are most likely to arise.
We then work with your development team to correct the issues we have identified, and re-review the changes to make sure they haven't introduced new issues.
Once both we and your development team are satisfied that the security issues in the current code base have been identified and addressed, we produce a final report detailing the issues found and the changes made to correct them.
Things a code review can identify:
- Input sanitisation issues that lead to injection flaws (SQL injection, cross-site scripting, command injection)
- Missing or incomplete data validation
- Password hashing issues (unsalted, fast or outdated hashing, non-constant-time comparisons)
- Exposure of debugging information (stack traces, verbose error messages, debug endpoints left enabled)
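As an illustration of what a finding in the "password hashing issues" category typically looks like, here is an added example (not code taken from any client review) showing the kind of storage routine a review flags alongside the corrected version. The weak version uses a single unsalted MD5 and a plain string comparison; the hardened version uses a per-password random salt, an iterated PBKDF2-HMAC-SHA256 derivation and a constant-time comparison. The iteration count is an assumption based on current OWASP guidance, and the stored record format is our own.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# --- Before: the pattern a review flags -----------------------------------
# Unsalted, single-round MD5. Two users with the same password get the same
# digest, and MD5 is cheap enough to brute-force or look up in precomputed
# tables.
def weak_hash(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def weak_verify(password: str, stored: str) -> bool:
    # '==' on strings short-circuits on the first mismatching character, so
    # response timing can leak how much of the digest matched.
    return weak_hash(password) == stored

# --- After: salted, iterated hash with a constant-time comparison ---------
# Assumption: 600,000 iterations follows OWASP's published guidance for
# PBKDF2-HMAC-SHA256; tune to your hardware and latency budget.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16

def strong_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$iterations$salt$digest'.

    A fresh random salt is generated for every password; passing a salt
    explicitly is only intended for tests.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def strong_verify(password: str, stored: str) -> bool:
    """Verify a password against a record produced by strong_hash().

    Malformed records fail closed (return False) rather than raising, so an
    attacker cannot turn a corrupted row into a stack trace.
    """
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # compare_digest runs in time independent of where the digests differ.
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    pw = "password123"  # constructed sample credential
    print("weak:  ", weak_hash(pw))
    record = strong_hash(pw)
    print("strong:", record)
    print("verify ok:", strong_verify(pw, record), "wrong pw:", strong_verify("Password123", record))
```

Storing the algorithm name and iteration count in the record is what makes the fix maintainable: when the iteration count is raised later, existing records still verify and can be re-hashed on the user's next successful login.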
We appreciate that you may not wish to send the source code of your proprietary applications over the Internet to an external firm, so we are happy to conduct the review on-site and to sign whatever Non-Disclosure Agreement you require.
Given the bespoke nature of a code review, it is difficult to give a general pricing indication. Businesses that only use third-party software will rarely need a code review, and cannot commission one at all for software whose source code they do not have access to.
If you’re using an open source solution, and are worried that there are security issues that the developers haven’t identified, a code review may help both you and the developers of the software by identifying (and fixing) the issues.
Code reviews are mainly aimed at organisations that develop a lot of in-house software to solve problems specific to their business. If you fall into either of these categories, please contact us and we will work out the best way to give you the assurance you are looking for.