Source Code Review Auditing

Hesperus Indosec’s approach to source code review audits is to first identify the specific needs, requirements and expectations of each client. Source code review is the most reliable way to detect intentional or accidental backdoors and logic bombs in applications that you acquire from third parties or develop in-house. Certain security standards (such as PCI DSS) require that a source code review be conducted before software is used in production, so that potential coding vulnerabilities are identified beforehand. Source code reviews are an essential part of Static Application Security Testing (SAST), which requires a thorough examination of each line of application code to detect complex errors and programming mistakes. In addition to the objectives agreed with the client, we prepare a detailed test plan to detect both low-risk and high-risk security vulnerabilities within the source code.

Some high-risk vulnerabilities include:

Cross-site scripting (XSS) vulnerabilities

Injection vulnerabilities

Missing authentication and authorization controls

Some low-risk vulnerabilities include:

Inadequate controls over software libraries

Cross-site request forgery (CSRF)

Hardcoded sensitive information (credentials or other secrets embedded in source code)