Case Study: Application Source Code Security Assessment

A case study of a client requiring us to determine the state of their code and provide recommendations to improve their security

Whitepaper: Security Analysis of Core J2EE Design Patterns

This whitepaper illustrates a detailed security analysis of the core J2EE Design Patterns

Training: Securing JAVA

The course will assist students in understanding web application attacks and how they arise from insecure coding practices.

Description

A Source Code Review identifies the types of vulnerabilities that only a software architect, developer, or tester would know to look for. Before beginning a source code review, our Consultants gain a thorough understanding of your application as well as its purpose, background, environment and framework, so that we can identify the key areas of focus.

Our Consulting Team brings together many years of experience in software development and architecture; therefore, once onsite, we can quickly take a look at your application's architecture and understand how it is intended to work, what the design implications are, what the application's strengths and weaknesses are and, most importantly, how to rate risk appropriately. We also compare your application against what an ideal application would do and prepare a Gap Analysis.

Using a combination of computer-generated source code analysis and manual code review, our Consulting Team reveals vulnerabilities that may not be easy to find with black-box testing, such as backdoors or logic bombs, as well as systemic issues such as insecure logging practices or gaps in authorization logic. We support most major languages and platforms including, but not limited to, Java EE, .NET, C/C++, PHP and Objective-C.

Our end goal is to determine which findings are legitimate and which are not. Most importantly, we make sure to link each finding to a business goal because, while some findings appear to have little impact on the application, they may have a large impact on your business if left untreated.

Meet Our Experts

  • Tak Chijiiwa

    Director of Consulting

    Our code review consultants were all once developers themselves, and they fully understand the challenge of meeting business requirements and deadlines while also applying secure coding techniques. We believe in empowering developers by helping them understand the root cause of potential risk areas in their code.

    Tak Chijiiwa and Subu Ramanathan are the Mobile and Application Security Service Leads. Outside the office, Tak researches and writes articles about security, most recently as a contributor to the Security News Daily article entitled "How Cybercriminals Empty Your Online Bank Account" (April 24, 2012). Tak brings a unique blend of IT security, field work and business experience to his assessments, thereby providing each of his clients with a clear understanding of the specific components involved in the assessment, the key vulnerabilities, and how these may negatively affect the business in both the short and the long term if left untreated.

Overview

A Source Code Review combines computer-generated analysis with manual code review to determine all the legitimate findings, explain how each will impact your business, and make sure the code is compliant with industry standards.

Key Business Benefit

We evaluate your application's source code for legitimate vulnerabilities and determine the impact each of these will directly have on the business.

Methodology

Security Compass' team is composed of experienced software architects and application developers. Our methodology is tried and tested, and has delivered results across multiple industries.
