Identify the objectives of the code review.
In this step, we investigate the application architecture and the technologies used in order to identify the essential security and threat requirements.
In the second step, where possible, we run a static analysis scanner to discover an initial set of code-level issues that may require detailed manual analysis.
Next, we move on to manual examination of the code to identify flaws that are hard to find with static analysis tools.
Finally, we document all identified issues and make recommendations for fixing them.
This document is used for an examination focused on the important issues and ensures that we keep track of all potential issues.
Preliminary scanning combines static analysis and manual analysis methods to identify vulnerable areas of the code: areas in which the likelihood of a security breach is above average. At this stage, the vulnerabilities reported by static analysis tools are inspected by our technical experts to eliminate false positives.
Because security flaws usually cluster together, initial scanning makes it possible to prioritise the highest-risk areas for in-depth analysis.
During the primary code review phase, Safetech Innovations experts analyse the code in detail to identify the security issues that occur most frequently. The review is guided by a checklist of questions to ensure that the correct set of issues is covered. At this stage, well-known vulnerabilities such as buffer overflows, cross-site scripting and SQL injection are typically identified.
The final stage of the review involves the analysis of problems unique to the application architecture. These are usually threats identified during the threat-modelling step, or weaknesses in specific security features such as authentication or custom authorisation. The code review therefore pursues the review objectives, a static code analysis and an architecture analysis.