Source Code Review Engagements
Critical to your CyberSecurity posture are your in-house developed applications and their source code. Code review engagements involve consultants reviewing source code for common coding vulnerabilities and general security best practices. Engagements require the client to typically provide the consultant with:
- background information on the purpose of the code
- code architecture / structure review
- an explanation of the code execution flow
The NCI Approach:
Once received, NCI’s consultant proceeds to statically review the code manually (with automated and manual methods) for security best practices. Our analysis will incorporate Open Web Application Project OWASP Top 10 critical application flaws.
NCI’s consultant will create a report that details:
- issues discovered in the source code
- the reason the vulnerabilities occur
- how the vulnerabilities may be exploited
- high level recommendations as to how the identifies vulnerabilities can be remediated
Are you confident your in-house developed applications are secure?