Application Source Code Security Reviews are the ultimate tool for in-depth
analysis of application security vulnerabilities. Primeon engineers review
source code in all programming languages to uncover software security flaws
at the source. Primeon offers a comprehensive, best-practices Application
Code Vulnerability Assessment Service under the brand name "DeepSource".
What is a Primeon DeepSource Code Review?
A DeepSource code review is an independent review of source code that assesses
the architectural design, business logic and security posture of a developed
application.
This provides a true independent look at an application's
Code design
Use of technology components
Security flaws
The end result of a DeepSource review is a comprehensive, easy-to-read,
actionable report.
For each security exposure instance, DeepSource Reports provide the following
information:
Overview
Discover application security vulnerabilities using static source code analysis
and dynamic analysis.
Build a deep understanding of the application in order to discover risks posed
by even the most knowledgeable insider.
For the most comprehensive coverage, DeepSource is combined with Application
Penetration Testing and Threat Modeling.
Key Business Benefits
Identify and mitigate risk posed by attackers, including malicious insiders,
reducing the likelihood of attacks that could damage your company's brand
in the marketplace.
Decreased overall cost by identifying a larger number of vulnerabilities.
Decreased risk through a methodology aimed at the deeply-rooted, high-impact
vulnerabilities that other approaches miss.
Improved compliance with regulations and control frameworks, such as NIST
guidance, Sarbanes-Oxley (SOX), FFIEC, the Gramm-Leach-Bliley Act (GLBA),
Basel II, the Payment Card Industry Data Security Standard (PCI DSS),
COBIT, ISO 27001 and ISO 27002 (formerly ISO 17799), etc.
Our Approach
Primeon's approach to Application Source Code Security Review involves:
Threat Analysis - Apply the full threat analysis methodology so that review
effort is directed at the application's pertinent security areas.
Cursory Review of Code - All reviewers gain a high-level understanding of the
code base so that they can follow the subsequent steps.
Separation of Code - As in Threat Analysis, divide the code into sections
according to the pertinent security areas identified, so that review work can
be assigned to different reviewers.
Maintain Code Notes - Record each specific finding as it is discovered, with
its location and the vulnerability it represents.
Detailed Code Analysis - Search through the code for security vulnerabilities.
Separate individual errors from systemic issues (the same flaw recurring across
the code base); report systemic issues separately, with recommendations, in the
summary report.
Review for Language-Specific Issues - Look for known issues specific to the
language and platform under review (e.g. unsafe use of the Java logging API,
buffer overflow conditions in C++, insecure remote procedure call interfaces).
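The following is an added illustration of the last three steps (code notes, separating systemic issues from individual errors, and language-specific checks); it is example code written for this page, not Primeon's DeepSource tooling. It runs a first-pass pattern scan over a handful of constructed source snippets, records one code note per hit, and promotes a rule to "systemic" when the same flaw appears in three or more files. The rule set, file names, source snippets and the threshold of three are assumptions chosen for the illustration; a real review would use this only to seed the manual analysis, since regex matching neither proves exploitability nor finds flaws that do not fit a pattern.

```python
"""First-pass scanner for language-specific review issues (example code, not
Primeon's tooling). Rules, sample files and threshold are assumptions."""
import re
from collections import defaultdict

# Language-specific rules: language -> [(rule id, regex, reviewer note)].
# \b keeps e.g. "fgets" and "snprintf" from matching "gets" and "sprintf".
RULES = {
    "cpp": [
        ("CPP-UNBOUNDED-COPY",
         re.compile(r"\b(strcpy|strcat|sprintf|gets)\s*\("),
         "unbounded copy into a fixed-size buffer; use a length-checked call"),
    ],
    "java": [
        ("JAVA-LOG-UNTRUSTED",
         re.compile(r"\b(log|logger|LOG)\.(info|warn|error|debug)\s*\(.*"
                    r"\b(request|req)\.getParameter\("),
         "raw request parameter written to the log; log forging / injection"),
    ],
}

# Constructed sample code base (assumption) with three C++ files sharing the
# same flaw, one clean C++ file, and one Java file with a single log issue.
SAMPLE_FILES = {
    "net/parser.cpp": "void parse(const char *in) {\n    char buf[64];\n"
                      "    strcpy(buf, in);  // no length check\n}\n",
    "net/header.cpp": "void copy_header(const char *h) {\n    char name[32];\n"
                      "    strcpy(name, h);\n}\n",
    "util/format.cpp": "void fmt(const char *s) {\n    char out[128];\n"
                       "    sprintf(out, \"%s\", s);\n}\n",
    "util/safe.cpp": "void fmt_ok(const char *s) {\n    char out[128];\n"
                     "    snprintf(out, sizeof out, \"%s\", s);\n}\n",
    "web/LoginServlet.java":
        'logger.info("login attempt for " + request.getParameter("user"));\n'
        'logger.info("user {} logged in", user.getId());\n',
}


def language_of(path):
    """Pick the rule set from the file extension; None means 'not scanned'."""
    if path.endswith((".c", ".cc", ".cpp", ".h", ".hpp")):
        return "cpp"
    if path.endswith(".java"):
        return "java"
    return None


def scan(files):
    """Return one code note (dict) per matching source line."""
    notes = []
    for path, text in files.items():
        lang = language_of(path)
        if lang is None:
            continue
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule_id, rx, desc in RULES[lang]:
                if rx.search(line):
                    notes.append({"file": path, "line": lineno, "rule": rule_id,
                                  "desc": desc, "code": line.strip()})
    return notes


def classify(notes, systemic_threshold=3):
    """Split notes into systemic issues (same rule in >= threshold distinct
    files, reported once with the file list) and individual findings."""
    files_by_rule = defaultdict(set)
    for n in notes:
        files_by_rule[n["rule"]].add(n["file"])
    systemic = {r: sorted(fs) for r, fs in files_by_rule.items()
                if len(fs) >= systemic_threshold}
    individual = [n for n in notes if n["rule"] not in systemic]
    return systemic, individual


def report(files):
    """Render the summary-report section as text lines."""
    systemic, individual = classify(scan(files))
    lines = ["Systemic issues:"]
    for rule, fs in sorted(systemic.items()):
        lines.append(f"  {rule}: {len(fs)} files ({', '.join(fs)})")
    lines.append("Individual findings:")
    for n in individual:
        lines.append(f"  {n['file']}:{n['line']} {n['rule']} - {n['desc']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_FILES)))
```

Running the module prints the unbounded-copy rule once as a systemic issue covering three files, and the Java logging hit as a single individual finding; the reviewer then confirms each hit by hand and writes the remediation for the systemic case once, at the summary level, rather than three times.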