Alongside penetration testing, web application testing and other forms of application testing, there is often a need to undertake a code review to ensure rigorous levels of information security and secure coding. Whilst penetration testing and application testing examine code that is running and executed, in more complex application testing scenarios there will very often be code that may have security flaws buried deep inside it. A code review therefore allows the pen tester to review the lines of code or modules directly and check for flaws in areas such as input validation, scripts and the security of database connectivity.
Efficient Code Review
Members of our penetration testing and application testing team predominantly have software code review backgrounds and find that such work delivers the best value when undertaken in conjunction with a full penetration test, i.e. the consultant can test an application in its “live state” and check for flaws in the code alongside, which makes the overall process very efficient.
Secure Code Development
7Safe handles a vast number of information security breaches and security incidents. Our Security Investigations and Assessments work has, over the years, taught us a great deal about why security incidents happen. Much of the issue lies in weak application security that is generally picked up during a code review or application or web application testing.
Our clients therefore request advice on secure coding, and as a result 7Safe wrote the very popular Secure Coding for Web Developers course, which is delivered as part of our overall public course schedule and, most often, onsite in private for whole client teams.