Secure Code Review

A RedLegg Secure Code Review consists of manually reviewing the source code of a software system. This type of testing audits the application's existing source code to validate that proper security controls are in place and to assess its logic, functionality, organization, and effective use of the programming language. Specifically, this effort consists of assessing code security, language, design, and architecture, including:

  • Customer-specific application functional review
  • Code verification
  • Findings report

The engagement consists of a review of the critical pieces of code within the application:

  • Architecture and design review, and recommendations for improvements
  • Data boundary analysis identifying vulnerabilities
      ◦ Level of trust, if any, implicitly provided to untrusted data sources or communications channels
  • Effective use of security protocols
  • Application of ciphers to sensitive data, both storage and transmission
  • Horizontal sampling of cross-cutting concerns for code quality analysis
  • Vertical sampling of transaction flows for code quality analysis