Secure Code Review is a specialized task involving manual and/or automated review of an application’s source code to identify security-related weaknesses. The review evaluates application code to identify flaws, weaknesses, or errors as a way to help developers improve security.
The RedLegg Secure Code Review engagement will consist of a manual review of the critical pieces of code within the application and will include:
Benefits of a Secure Code Review performed by RedLegg include:
Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.
Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.
Reduce the impact and likelihood of a successful breach and data exfiltration by testing and securing your organization's applications.
Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.
A RedLegg Secure Code Review consists of manually reviewing the source code of a software system. This type of testing audits the existing source code for the application to validate proper security controls, logic, functionality, organization, and effective use of language. Specifically, this effort consists of assessing security, language, design, and architecture.
During this phase, RedLegg will determine the number of pages within the web application using automated web spidering (crawling) tools:
Review code for language issues that may result in inefficient or insecure code:
The deliverable from the Secure Code Review will be a detailed document with sections tailored for different audiences:
This section contains summary information such as numbers of issues identified and critical action items.
Outlines structural findings and feedback regarding the overall structure of the system.
This section is optional and will be included in the deliverable at the discretion of the code reviewer. If included, it will contain information gathered during the review that may raise questions, concerns, or suggestions about quality that are not necessarily actionable as findings but merit consideration nonetheless.
Detailed information and evidence used for reference. RedLegg will also place all code review findings into source code management as they were discovered (in real time).
RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.
RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.
RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the marketplace, attack vectors, and protection mechanisms.
Reach out to our expert staff to dive into your security gaps and to protect your company from breaches.