Source Code Review
Source code analysis identifies not only which statement, on which line of code, is vulnerable, but also the tainted variable that introduces the vulnerability, and it illustrates the propagation from root cause to end result. This gives application developers an end-to-end view of each instance of a vulnerability, allowing them to quickly understand the nature of the problem.
Development of Secure Coding Guidelines
Based on the globally accepted OWASP guidelines, we help clients by developing comprehensive secure coding guidelines that address not only the programming language in use, but also the configuration of the platform used to run the application. For instance, our PHP secure coding guidelines incorporate the security configuration of the php.ini, .htaccess and httpd.conf files, so that a vulnerability in these does not result in an application compromise.
Benefits of Risk-Based Security Assessment
An important aspect often overlooked during application security assessments is business logic testing, which directly impacts business operations. It requires understanding the business process running on the system and then building business logic test cases accordingly. Having worked with organizations across numerous industries, we have a fairly strong understanding of typical business processes such as online trading, e-commerce, supply chain, retail banking, treasury, payroll, procurement, etc. This helps us build in-depth business logic cases even in a routine penetration testing exercise and add far more value than a plain-vanilla penetration testing exercise.