Code Review (CR)

A Code Review process aims to identify vulnerabilities in the source code. It is one of the most important phases in the development of a secure application, because it allows many security issues to be found before the software goes into production. This markedly reduces both risk and cost.

Code Reviews involve a high degree of complexity, so it is fundamental that the auditor has a solid understanding of secure programming, general design and the major classes of attack, and is highly confident in reading and understanding code.

The Code Review service offered by ISGroup is carried out by a team of professionals with years of successful development and auditing experience.

ISGroup is the ideal provider for your Code Review needs and works rigorously, according to internationally recognized standards and at the highest quality levels, thanks to a steady commitment to research. Contact us to request a personalized quote.

Description

The process is fundamentally composed of two phases. In the first, the whole application is examined with one or more static analysis tools. Such tools model the code's control and data flow without running it and flag any candidate vulnerabilities. This approach has substantial advantages over testing the running application alone, since the reviewer has full visibility of the application's behaviour instead of inferring it from the outside.

In the second phase the code is analyzed manually, concentrating on the most significant and exposed parts of the application. The analysis is carried out by a heterogeneous team of highly qualified auditors, to spot even the most complex and least obvious vulnerabilities.

This second phase is mandatory: automatic tools cannot correctly identify some classes of vulnerability because of the intrinsic complexity of the task, and their findings still need a human to separate real issues from false positives.
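As an added illustration of the two phases (this is example code written for this page, not ISGroup's tooling), the following Python script is a deliberately small static check of the kind phase one automates: it flags every call to .execute() whose SQL statement is built dynamically. The application code it scans is constructed for the example. The result shows why phase two is mandatory: one finding is a true positive, one is flagged but only safe because of an allow-list the checker cannot reason about (a reviewer must confirm what the callers pass), and one real injection is missed because the query reaches execute() through a variable.

```python
import ast

# Constructed sample of application code under review (not from the page).
SAMPLE_SOURCE = '''
def find_user(cur, username):
    # true positive: untrusted input interpolated into the statement
    cur.execute(f"SELECT * FROM users WHERE name = '{username}'")

def find_user_safe(cur, username):
    # clean: the value travels as a bound parameter, not as SQL text
    cur.execute("SELECT * FROM users WHERE name = %s", (username,))

def count_rows(cur, table):
    # flagged, but only safe because of the allow-list above the call;
    # the checker cannot know that, so a reviewer must confirm the callers
    if table not in ("users", "orders"):
        raise ValueError(table)
    cur.execute("SELECT COUNT(*) FROM " + table)

def find_order(cur, order_id):
    # false negative for this checker: the statement is assembled earlier
    # and reaches execute() through a plain variable
    sql = "SELECT * FROM orders WHERE id = " + order_id
    cur.execute(sql)
'''


def _is_dynamic_string(node: ast.AST) -> bool:
    """True when the node builds a string at run time: an f-string,
    a + or % expression, or a str.format() call."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


def find_dynamic_sql(source: str) -> list[tuple[str, int]]:
    """Return (enclosing function name, line number) for each .execute(...)
    call whose first argument is a dynamically built string. Statements
    passed through a variable are not followed: that is the gap manual
    review has to close."""
    findings = []
    tree = ast.parse(source)
    for func in ast.walk(tree):
        if not isinstance(func, ast.FunctionDef):
            continue
        for node in ast.walk(func):
            if (isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "execute"
                    and node.args
                    and _is_dynamic_string(node.args[0])):
                findings.append((func.name, node.lineno))
    return findings


if __name__ == "__main__":
    # Phase one output: a list of candidates for the auditors to triage.
    for name, line in find_dynamic_sql(SAMPLE_SOURCE):
        print(f"candidate: dynamic SQL in {name}() at sample line {line}")
```

Run as a script, it reports find_user() and count_rows() and stays silent on find_order(); reading the three flagged or missed functions side by side is exactly the triage work of the second phase.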

Output

The Report is a clear and detailed document that summarizes the results of the activity. It is divided into three areas:

Executive Summary
It is placed at the beginning of the Report and is no longer than one page. It is a non-technical overview intended for management.

Vulnerability Details
It is the technical section, describing each discovered vulnerability and its impact in detail. It is intended for the Security Manager.


Working with us is simple: call (+39) 045 4853232 or send an e-mail, so that we can get to know each other and discuss your IT security needs.
