Secure Code Review Services


We use a combination of manual review and automated tools to examine your source code for common security flaws. Many developers are great at writing efficient and functional code, but security is typically an afterthought. As penetration testers, we understand how to exploit vulnerable applications. This knowledge puts us in a unique position to offer Secure Code Review services from the perspective of how an attacker can take advantage of poorly written code. At a minimum, we check the security of the source code in the following areas:

  • Data Validation
  • Error Handling
  • Authentication
  • Authorization
  • Session Management
  • Logging
  • Encryption

If we are reviewing a web application, we also analyze the source code for any vulnerabilities related to the OWASP Top 10.

OWASP Top 10 Vulnerabilities.  Source:

We also leverage our exploitation and development knowledge to provide Secure Coding Training on topics such as Secure Java Coding Best Practices, covering the following areas:

  • Prevent SQL Injection
  • Normalize Strings Before Validating Them
  • Sanitize Untrusted Data Passed to Runtime.exec() method
  • Perform Any String Modifications Before Validation
  • Do Not Trust the Contents of Hidden Form Fields
  • Prevent XML Injection
  • Do Not Form Strings Containing Partial Characters from Variable-Width Encodings
  • Canonicalize Path Names Before Validating Them
  • Exclude Unsanitized Data Included in a Regular Expression
  • Do Not Allow Exceptions to Expose Sensitive Information
  • Prevent XML External Entity Attacks
  • Prevent Code Injection
  • Prevent Arbitrary File Upload
  • Use Conservative File Naming Conventions
  • Prevent XPath Injection
  • Prevent LDAP Injection
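As an added illustration of three of the topics above (normalize strings before validating them, perform any string modifications before validation, and canonicalize path names before validating them), the following Java snippet shows the order of operations in one place. It is example code written for this page, not part of any training material; the base directory, the allow-list pattern and the sample inputs are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.text.Normalizer;
import java.util.regex.Pattern;

// Added example: resolve an untrusted file name under a fixed base directory.
// Order matters: normalize, then validate, then canonicalize and check containment.
public class SafeFileResolver {
    // Assumed base directory; any application-specific location works the same way.
    private static final File BASE_DIR = new File("/srv/app/uploads");
    // Allow-list of characters for a bare file name (no path separators).
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    public static File resolve(String untrustedName) throws IOException {
        // 1. Normalize first, so the validator and the code that later consumes the
        //    string see the same characters. Compatibility forms such as full-width
        //    letters collapse to their ASCII equivalents under NFKC.
        String normalized = Normalizer.normalize(untrustedName, Normalizer.Form.NFKC);

        // 2. Validate the normalized string, not the raw input, and make no further
        //    string modifications after this point.
        if (!SAFE_NAME.matcher(normalized).matches()) {
            throw new IllegalArgumentException("rejected file name");
        }

        // 3. Canonicalize the resulting path before checking it: ".." segments and
        //    symbolic links are resolved, so the containment check sees the real target.
        //    Note that ".." itself passes the allow-list above; this step catches it.
        File candidate = new File(BASE_DIR, normalized);
        String canonicalBase = BASE_DIR.getCanonicalPath() + File.separator;
        String canonicalTarget = candidate.getCanonicalPath();
        if (!canonicalTarget.startsWith(canonicalBase)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs.
        System.out.println(resolve("report.txt"));   // accepted
        for (String bad : new String[] {"\uFF52\uFF45\uFF50\uFF4F\uFF52\uFF54/x", ".."}) {
            try {
                resolve(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + bad + ": " + e.getMessage());
            }
        }
    }
}
```

The first rejected input contains full-width letters and a separator; the second, "..", survives the allow-list but is caught only because the path is canonicalized before the containment check.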

Contact us or use the form on this page for more information about our Secure Code Review services or to schedule a Secure Code Review.