Code Review is one of our favorite things to do. We bring our deep technical expertise to bear looking for potential security issues. When we do code review, we routinely find authorization and even injection issues that were latent but very difficult to find through scanning, static analysis or even pen testing techniques – all of which are limited in different respects compared to code review.
We love working with client developers to provide deep contextual feedback and emphasize best practices for fixing issues we find. We’ve been there. We’ve written code that has security issues. Our goal is always to build developers up through our engagements by teaching, sharing valuable positive information and not just finding scores of issues.
To find out more about how we help companies build AppSec Programs, contact firstname.lastname@example.org or reach out directly to matt@ with a question. Here is a relevant blog post about how we actually do code review.