Security Code Review
Get a checkup for your code!
A security code review involves a security expert with strong development experience examining the source code for an application and identifying potential vulnerabilities.
How does it work?
The security code review involves searching for various types of issues including, but not limited to:
- Input validation
- Forceful browsing / Insecure direct object reference
- Overall design
- Resource usage
- Appropriate auditing
- Many more...
The benefit of code review as a security measure is that it results in action items for the development team that are context-sensitive. In other words, there should be almost no false positives. The results are provided in the technology the team uses. The remediation steps are almost practical training.
Who should be interested?
Anyone who has code and is concerned about security would benefit from a security code review.
Customers wishing to review their code for security and quality are likely to be interested. This is a particularly good offering for customers that leverage partners for development. A security code review can help to ensure that code handed off by a partner is secure.
What does it cost?
Costs are based on the size of the codebase and scope of the review. Typically, a code review might take between one and two weeks and cost between $10,000 and $20,000.
Jemurai provides a number of security services, including pure manual security code review, security architecture review, and application scanning and testing, and can engage with organizations to develop security programs and build security into their SDLC.