Code Review

We put your code under the microscope

Are you wondering whether your application is secure? We point out potential security vulnerabilities in your source code. Most security problems are caused by critical vulnerabilities in applications. A code review identifies the security gaps in the source code and thus minimizes the resulting risk.

A code review is something you should seriously consider, especially for security-relevant applications that provide access to sensitive data. The result of the code review is a report that we send you listing the vulnerabilities found in the source code, rated by criticality, together with detailed suggestions on how to eliminate them. That way you create more security. Right from the start.

Our procedures

Depending on the kind of application, we use static or manual analysis methods. In doing so, we examine either a selected section or your complete application. We check compliance with recognized secure coding guidelines and best practices. Our methods support PHP, Java, C/C++, Bash, Perl, SQL, JavaScript and Python.

In static analysis, automated tools are applied to identify vulnerabilities. The source code of the application is checked without running it. We send you the results in the form of a report generated by the analysis tool.

Purely static analysis reaches its limits where errors stem from the business logic. This is where one of our experts applies dynamic analysis: a tool-supported manual analysis that identifies the critical areas and is conducted, as far as possible, while the application is running. Our expert then manually verifies and evaluates the detected vulnerabilities.

Our recommendations for you

A complete code review includes both the static and the manual analysis. Expert review of the results is indispensable for a meaningful assessment. We test specifically for errors in the application and business logic by focusing on typical vulnerabilities such as injection, directory traversal, buffer overflow, privilege escalation, etc. Furthermore, we analyze the cryptographic methods used and check the exception handling. This comprehensive testing also enables us to detect errors in the use of control structures.

PCI DSS Code Review

Contact


Please contact us with any questions or queries.


Phone: +49 6102 8631-190
Email: sales@usd.de


Daniel Heyne
usd Team Lead Sales,
Security Consultant Pentest, OSCP, OSCE