A source code review uncovers security vulnerabilities, security design flaws, violations of best practices, etc., by examining the source code of an application.
Our consultants at GRC 360 develop a complete understanding of the application, including its purpose, framework and background, in order to determine key focus areas. We complement computer-aided source code review with manual code review to achieve the best results. We support major platforms and languages, including PHP, Java EE, C/C++, .NET, etc.
We take the following approach to conducting a source code review for our clients:
- Gathering information to develop a complete understanding of the application by discussing its functionality and purpose with the developers.
- Performing an automated scan using existing tools to detect easily identifiable vulnerabilities.
- Manually reviewing the source code by tracing data paths and discovering vulnerabilities other than the ones identified by automated scanning. These include business logic and authorization vulnerabilities.