Secure source code review is the process of auditing the source code of an application and applying the most effective methods to identify flaws in the software. It consists of a comprehensive analysis and structured review of the application code. As with any process, each organization must choose the approach that best fits its needs. Our team has experience at all levels of modern application auditing.
Automatic vs Manual
Automatic code review is performed by tools that search the source code for well-known vulnerability patterns. While tools give a fast but imprecise assessment, manual reviews performed by humans find vulnerabilities that can only be discovered by understanding the application logic.
Static vs Dynamic
During a static code review the source code is read in search of flaws without executing it, while a dynamic code review requires a full deployment in a runtime environment. Both methods have their trade-offs and complement each other.
Black box vs White box
The distinction between black box and white box is related to the amount of information given to the review team. A black box analysis is done blindly, without any access to the source code; the techniques used in black box reviews include reverse engineering and penetration testing. White box reviews are done with access to the full source code. Secure code reviews normally follow a white box approach.
Internal vs External
Internal code review is done by members of the organization during the development process, while external code review is done by a different organization. The external review team tends to be in a position similar to an attacker's and provides a completely different point of view. Both kinds of review are necessary and complement each other.