Look at code from a security point of view
During a code review, Qbit systematically inspects the available source code to find potential security flaws. The review is conducted partly with specialised tools and partly by manual inspection of the source code; the manual part concentrates on the code paths that handle user input, since that is where injection and validation flaws are introduced.
In some situations, handing source code over to Qbit for inspection at Qbit's offices is not feasible. In those cases the code review takes place on site. During the review, a technical contact should be available to answer questions about the code. Qbit uses its own laptops for the review; when the review is performed on site, these laptops do not need to be connected to the organisation's network.
During a code review, our ethical hackers check the code for situations that could lead to exploitation, at two levels:
- Unit level - individual functions are checked for instructions that could lead to incorrect handling inside the function itself, for example input that is used before it has been validated.
- Integration level - the calls between functions and components are checked for indications that data is passed or returned in a way that leads to incorrect handling, for example a value that one function assumes has been sanitised by its caller.
Each finding is then traced through the code to establish whether it can actually be exploited via the running application, so the report distinguishes reachable vulnerabilities from theoretical ones.
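To make the tool-assisted half of such a review concrete, here is a small source-to-sink scanner written for this page; it is an added illustration, not Qbit's tooling or any part of the original text. It flags places where a value derived from user input (a source) reaches a dangerous call (a sink), which is exactly the code a reviewer then inspects by hand to decide whether the path is really exploitable. The source and sink names, the taint rules and the sample program it scans are all assumptions constructed for the example.

```python
"""Toy source-to-sink scanner for Python code (illustrative, not a real tool).

Tracks straight-line taint through simple assignments inside each function and
reports calls where attacker-controlled data reaches a dangerous sink.
"""
import ast

# Calls that yield attacker-controlled data. Illustrative names, not a complete list.
SOURCES = {"request.args.get", "request.form.get", "input"}

# Sink call -> (index of the argument that must not be attacker-controlled, issue class)
SINKS = {
    "os.system": (0, "command injection"),
    "os.popen": (0, "command injection"),
    "eval": (0, "code injection"),
    "exec": (0, "code injection"),
    "cursor.execute": (0, "SQL injection"),  # bound parameters in argument 1 are fine
    "subprocess.run": (0, "command injection"),
    "subprocess.call": (0, "command injection"),
}
# subprocess.* only becomes a shell sink when shell=True is passed
SHELL_ONLY = {"subprocess.run", "subprocess.call"}


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def is_tainted(expr, tainted):
    """True if the expression mentions a tainted variable or calls a source directly."""
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
        if isinstance(sub, ast.Call) and dotted_name(sub.func) in SOURCES:
            return True
    return False


def has_shell_true(call):
    """True when the call passes the literal keyword shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
               for kw in call.keywords)


def statements(body):
    """Yield statements in source order, descending into if/for/while/with/try bodies."""
    for stmt in body:
        yield stmt
        for field in ("body", "orelse", "finalbody"):
            yield from statements(getattr(stmt, field, []))


def calls_in(stmt):
    """Calls in this statement's own expressions, not in nested statement bodies."""
    for child in ast.iter_child_nodes(stmt):
        if isinstance(child, ast.stmt):
            continue
        for node in ast.walk(child):
            if isinstance(node, ast.Call):
                yield node


def scan_function(fn):
    """Return (function, line, sink, issue) tuples for one function definition."""
    tainted, findings = set(), []
    for stmt in statements(fn.body):
        # Propagate taint through simple assignments of the form  name = <expr>.
        if isinstance(stmt, ast.Assign) and len(stmt.targets) == 1 \
                and isinstance(stmt.targets[0], ast.Name):
            name = stmt.targets[0].id
            if is_tainted(stmt.value, tainted):
                tainted.add(name)
            else:
                tainted.discard(name)  # overwritten with a clean value
        # Then check every call in the statement against the sink table.
        for call in calls_in(stmt):
            sink = dotted_name(call.func)
            if sink not in SINKS or (sink in SHELL_ONLY and not has_shell_true(call)):
                continue
            idx, issue = SINKS[sink]
            if idx < len(call.args) and is_tainted(call.args[idx], tainted):
                findings.append((fn.name, call.lineno, sink, issue))
    return findings


def scan_source(src):
    """Scan every function in a Python source string and return all findings."""
    tree = ast.parse(src)
    return [f for node in ast.walk(tree) if isinstance(node, ast.FunctionDef)
            for f in scan_function(node)]


# Constructed sample program: two vulnerable handlers, their hardened forms and a clean one.
SAMPLE = '''
import os, subprocess

def ping(request):
    host = request.args.get("host")              # user input
    return os.system("ping -c 1 " + host)        # concatenated into a shell command

def ping_shell(request):
    host = request.args.get("host")
    return subprocess.run("ping -c 1 " + host, shell=True)   # shell=True makes this a sink

def ping_fixed(request):
    host = request.args.get("host")
    return subprocess.run(["ping", "-c", "1", host], check=False)  # argv, no shell

def lookup(cursor, request):
    uid = request.args.get("id")
    cursor.execute(f"SELECT * FROM users WHERE id = {uid}")       # string-built SQL

def lookup_fixed(cursor, request):
    uid = request.args.get("id")
    cursor.execute("SELECT * FROM users WHERE id = ?", (uid,))    # bound parameter

def banner():
    os.system("uptime")                           # constant command, not flagged
'''

if __name__ == "__main__":
    for fn, line, sink, issue in scan_source(SAMPLE):
        print(f"{fn}:{line}: user input reaches {sink} ({issue})")
```

Run as a script it lists `ping`, `ping_shell` and `lookup` and stays silent on the hardened and constant variants. The scanner is deliberately naive (no inter-procedural tracking, no sanitiser recognition), which is why the page pairs tooling with manual inspection: a reviewer has to confirm that each flagged path is reachable from the application and that nothing the tool missed between functions is exploitable.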
Benefits of a code review
- Find out how well your application stands up to an attacker with access to its source code
- Insight into the inherent security level of the application and its real, reachable vulnerabilities
- Practical and feasible recommendations