Source Code Review

Companies depend on their code for almost everything. Developers are constantly creating new and innovative code, and every single line could be prone to a security issue. Source code reviews are an integral part of any mature SDLC, and a third-party review is key to getting a fresh pair of eyes to make sure the code is secure and up to standard.


Review Approach

Source Code Review is a service whose main goal, as the name states, is to perform an in-depth analysis and examination of software's source code in order to find and fix mistakes introduced into applications during the development phase.

Methodology

One of the main advantages of source code review is that bugs can be found during the development phase, which helps improve the quality of software before it goes into production. On top of that, white-box testing allows consultants to have a full view of the product in question, giving them unique insight to find vulnerabilities and determine the right severity for them. Unlike automated tools, code reviews at Section9Labs are performed by professional consultants who actually read and analyze the code, looking for known and possible zero-day vulnerabilities using a variety of formal and informal methods, such as entry-point analysis and full-code coverage analysis, among many others.

Languages & Frameworks

Our consultants have expertise in many languages, frameworks and technologies. The list below represents some of the languages in which our team possesses world-class skills, among many others:

Java / Java EE
C / C++
Ruby / Rails
Python
PHP
.NET (ASP, ASP.NET, C#, etc.)
Go
Common Lisp
Perl
Erlang
Node.js
JavaScript
Closure
Etc.