Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.
Why It's Important
Development and applications will always have defects and vulnerabilities. As mentioned, it is the reality of today’s world due to the complexity of modern day software. However, your company should be striving to constantly review, revise, and maintain its code using best security practices, including Secure Code Review, in order to minimize your risk and overall liability. Frequently, litigation takes place based around and impacting companies that were not performing minimal due-diligence to ensure the safety of their customers and data.
What We Offer
According to MITRE, proper secure code reviews are comprised of 3 essential steps and Digital Warfare can help with them all:
Interviews, where questions are asked of the developers. These questions and answers are used to ascertain the intent of the developer and their application, the overall knowledge and skill level of the developer, and their awareness of secure coding practices. Often, the answers provided during the interview segment will help shape the code review stage, making it more effective and more efficient.
The Code Review stage is literally that; it is the process of an individual or team of individuals manually reviewing the entirety of an application’s code, reviewing each line, function, and class in context and process flow to search for vulnerabilities – either direct or inherited.
Finally, the reporting stage is crucial. During this stage, the code auditors must pull together the data from the interviews and findings from the code review into a clear and succinct document that identifies the issues, risks, and vulnerabilities discovered in a professional manner.