Source Code Review

Whiteshield provides code review services for our customers so they can detect and fix vulnerabilities in their web and mobile applications already at the development stage. We believe that the reason behind many security flaws is that developers either ignore, or are unaware of, secure coding practices. Code review can help our clients fix basic security issues while it is still quick and easy to do so, and before any major damage has occurred. Unlike most companies, we do not rely only on automated solutions to scan the code, as these tools do not detect all security issues.

We identify the weak points in your code before attackers do

Penetration testing of web and mobile applications helps detect current vulnerabilities and the potential damage if they are exploited. In some cases this is sufficient, but for the highest level of assurance, a code review is often the more sensible approach.

Testing after the application goes public means that the identified vulnerabilities may already have been exploited. Secure code review can identify bugs before the application goes live and before they are found by attackers.

For live applications in a production environment, penetration testing and code review together provide the most accurate picture of the security of your web or mobile application.

How is it done?

The source code for the critical features of the application is reviewed manually, with a focus on the areas that typically carry the most risk – our aim is to identify all types of flaws and inconsistencies in authentication, authorisation, session management, data validation, error handling, encryption, and security configuration. Whiteshield follows the OWASP methodology, which is the industry standard for validating the security of web and mobile applications.

In which phase of the development is it recommended?

The earlier the better. Vulnerabilities are easy and cheap to fix if you detect them in the early stages of development. A code review can, however, be performed at any time: it can be done as a final check before going live, and we also regularly review applications that have been in production for years. What we strongly suggest is that code reviews become a regular event during the project development cycle.

Why Whiteshield?

Our team has years of experience both creating applications and conducting secure code reviews. We have expanded our capabilities to mobile app code reviews on the Android and iOS platforms, and we apply the same methodologies to web and mobile environments alike. We use a combination of automated and manual reviews to find, and suggest fixes for, coding errors that may eventually lead to serious security issues.