Security Code Review

A code review uncovers security weaknesses in your applications before a programmer stumbles on them, or before a hacker discovers them and leaves you open to potential attacks.

The Hacken team consists of highly qualified security specialists with extensive experience in conducting automated and manual code evaluation tests. These tests discover basic application vulnerabilities as well as authentication and session management weaknesses, including SQL injection, cross-site scripting, and insecure storage. A code review is the ideal way to identify inconspicuous, hard-to-notice vulnerabilities in your applications. Our skilled professionals will also gladly provide recommendations on coding best practices.

An Application Programming Interface (API) inspection can guarantee that your automated interfaces do not leave any gaps that give hackers an opportunity to attack. The Hacken team can test the following: REST, SOAP, and RPC APIs.

METHODOLOGY

1. CWE/SANS

CWE™ stands for Common Weakness Enumeration and is a community-developed list of common software security weaknesses. It serves as a standard for software security tools, and as a benchmark for weakness identification, mitigation, and prevention measures.

2. WASC

The WASC Threat Classification is a collaborative effort to clarify and organize the threats to a website's security. The members of the Web Application Security Consortium developed it to promote industry-standard terminology for these problems. It gives security specialists, application developers, and software providers a consistent language and set of terms for web security-related issues.

3. OWASP

We follow the methodology created by the Open Web Application Security Project (OWASP), and our test cases are derived from the OWASP Application Security Verification Standard Project.
Our Secure Code Review efforts in this scenario are based on the following guidelines and security standards: OWASP Application Security Verification Standard, OWASP Secure Coding guides, OWASP Top 10 Risks.

4. PCI DSS

This is a functional code review that tests conformance with PCI DSS. It includes an evaluation of the existing measures for encryption/decryption and of the storage mechanism for the Cardholder Data (CHD) and the Sensitive Authentication Data (SAD) of payment cards.
