Secure code review

We provide extensive code reviews across a broad range of targets, including web, mobile and native (desktop) applications, cryptographic implementations, cloud infrastructure and hardware designs. Our security specialists review most - if not all - programming languages, configuration and markup syntaxes.

A secure code review is a specialized task involving manual and/or automated review of an application's source code to identify security-related weaknesses (flaws) in the code. It can be performed as a standalone delivery or as part of a penetration test.

Ask us about a secure code review!

Frequently Asked Questions

  • Initially, a scoping meeting is held with developers. The review is often performed manually with the aid of static analysis tools. The reviewer typically focuses on several security mechanisms and areas such as authentication and authorization, data and input validation, error handling and encryption.

  • Secure source code review can be done on specific functionality or a module/component but is best utilized towards the end of the development cycle, when all or most of the functionality has been implemented.

    One reason to perform it later is that it is often time-consuming: performing it frequently on unfinished code would increase the cost, but it all depends on your requirements and needs.

  • You will get a written report and a presentation detailing the issues and observations identified during the review.

    The report will also contain: recommendations on how to handle the issues; advice regarding general design choices and architecture; and recommendations regarding testing and secure development.

    This information will help you to improve both the implementation and the development process.