Your life is online, Make it sichergehen!
Hesperus Indosec’s approach to source code review audits is to first identify specific client needs, requirements and expectations. Source code review is the best way to detect intentional or accidental backdoors and logic bombs in applications that you acquire from third parties or develop in-house. Certain security standards (such as PCI DSS) demand that a source code review be conducted prior to production usage of software to identify potential coding vulnerabilities. Source code reviews are an essential part of Static Application Security Testing (SAST), which requires thorough examination of each line of the application code to detect complex errors and programming mistakes. In addition to the specified objectives, we prepare a detailed test plan to detect both low- and high-risk security vulnerabilities within source code.
Some high-risk vulnerabilities include:
Cross-site scripting (XSS) attack holes
Injection coding issues
Lack of authentication and authorization systems
Some low-risk vulnerabilities include:
Software library controls review
Cross-site request forgery
Secure information is hardcoded