Source Code

Evidence shows that the earlier you detect security vulnerabilities during software development, the cheaper they are to fix. To be effective, however, a source code assessment needs to be more than just thorough and accurate. It needs to give you an understanding of the root causes of your security problems and recommendations for long-term prevention, and it needs to help you prioritise which vulnerabilities to address first.

Custom web applications are typically exploited via SQL Injection, Cross-Site Scripting (XSS) and various forms of business logic flaws. When these are not addressed adequately, you risk damaging your own personal reputation, compromising your information assets, losing revenue, damaging your brand, violating industry regulation and suffering downtime.

To reduce your exposure, SensePost can help through our Source Code Assessments. We will uncover insecure software development practices and work with your team during each stage of the secure development life-cycle (SDL) process. We focus on key elements of the software-coding framework, such as authentication processes, data validation and session management. Our work incorporates workshops, architecture design reviews and penetration testing.

We deliver:

  • A detailed report for your Executive, Management and Technical audiences
  • Identification of good practices found in the environment along with weaknesses
  • Prioritised results sorted by severity of risk
  • Vulnerabilities reported against CVSS2, the OWASP Top 10 and SANS Top 25
  • Recommendations on how to fix vulnerabilities and reduce your risks based on best practice, our experience and your unique business requirements
  • Guidance on ways to ensure compliance with regulations and industry mandates
  • Briefing session with your chosen team to guarantee understanding