Source Code Review & Analysis

Build resilient applications

• Identify potential vulnerabilities
• Achieve a deep insight into application security
• Gain a static perspective
• Receive reports detailing issues with remediation guidance


Strength in the source code


Source code review is a service offered by Foregenix that aims to have a deep look inside the codebase of a client’s application. This service is intended as a complement to the Web Application service offering and looks at the application from a static perspective versus the dynamic approach that penetration testing offers.


Why a source code review?

Foregenix’s Source Code Review examines application source code to identify vulnerabilities resulting from the use of insecure libraries or from application logic that does not adequately consider security requirements. The Source Code Review is the most effective mechanism to achieve a deep and efficient insight into existing or potential application vulnerabilities.


Remove all limitations


We recommend this service in cases where the application is too big or too complex to be covered by standard penetration testing in a timely and thorough manner.

A web application penetration test is a dynamic exercise, executed against the snapshot of functionality and data assigned to the accounts provided to our analysts. It is also limited by that snapshot: if access to a piece of functionality depends on a set of data that the sample application user lacks, the analyst will be blind to that functionality and it will remain untested.

Source code review takes away this limitation since it looks at the application at the code level, hence providing access to all code paths.

To perform this service, Foregenix requires access to all application source code and related libraries to ensure there are no blind spots. The source code is subsequently analysed for security vulnerabilities.

The final deliverable of the Source Code Review service offering is a report detailing all the security vulnerabilities that were identified during the inspection of the source code. 



What can Foregenix do to help you?

• Review and improve your Software Development Life Cycle to build security as part of your application’s DNA.
• Identify and prioritise weaknesses in code that are critical to your use cases in a cost-effective manner.
• Help your organisation retain the knowledge. Identify skill gaps and provide education to your development team.

Contact us to discover the many ways Foregenix can help you develop secure software.
