Secure Code Review

A secure code review is a specialized process that involves manually and/or automatically reviewing an application's source code in order to find security flaws and vulnerabilities.

A secure code review does not strive to find every flaw in the code; rather, it seeks to provide insight into the sorts of vulnerabilities that exist and to assist the application's developers in understanding what issues are present.

The purpose is to provide developers with information that will aid them in making the source code of the application more secure and safe.

iSec's engineers review seven different security mechanisms while performing a secure code review and white box testing.

An application that is vulnerable in any way is a target for attackers and is more likely to be used in an attack.

A secure code review should educate developers about the source code's security in each of the following areas:

  • Authentication
  • Authorization
  • Session Management
  • Data validation
  • Error handling
  • Logging