Security testing is commonly divided into two types: static and dynamic. Dynamic testing is performed in real time, while the code is running, and identifies "run-time" vulnerabilities such as authentication and authorisation flaws, denial of service, and other web and application-level attacks. These dynamic threats are typically identified by running a penetration test. Static analysis instead examines the code for threats before it reaches the run-time environment. In many cases, common issues such as SQL injection, cross-site scripting, cryptographic failures and programming errors are much easier to identify with static analysis.

The Appsecure team has worked alongside industry vendors such as HP/Fortify, IBM, Veracode and Microsoft to perform static analysis through both manual and automated means. Appsecure is not aligned with any particular vendor; however, we understand the business and technical benefits these providers bring to the market and how they increase the ability to analyse applications quickly and cost effectively. Our source code review program can be delivered in a number of ways. The following describes the options for source code review that Appsecure can perform.

Although Appsecure specialises in code review for web applications, we also complete assessments of backend server-based applications, mobile applications (iPhone etc.), middleware and database systems. Our team has extensive experience in secure development and language security across .NET (C#, VB.NET, J, C++), ASP, HTML, ColdFusion, PHP, Objective-C, JavaScript, Perl, Python, C, Java, SQL, XML and many more.

Hybrid Source Code Review
The hybrid analysis model uses a mixture of automated and manual source code analysis. We typically determine the best technology for the language in use and couple it with the team's experience in writing and reviewing source code to conduct the assessment. When automated tools are used, every finding is verified and validated by the review team before release to the client, so that false positives do not appear in the final report.

Automated Source Code Review
An automated source code review program is offered to clients who need a low-risk application scanned quickly for high-risk vulnerabilities in order to determine its overall security posture. This is typically chosen where the client requires a quick "maturity" understanding of the application within a smaller budget.

Manual Source Code Review
The manual source code review dispenses with automated tools; our consultants review the code manually across the whole system. In some cases this is the only option, for example when the source code is written in a language unsupported by the scanning vendors on the market. Similar results are achieved with this method; however, due to the size and nature of most applications, a full manual assessment is typically time consuming.

Another option involving minimal source code review is the Appsecure Hybrid Assurance Assessment. This is designed to provide the best of each approach within a reasonable time frame and budget. For more information on our assurance programs, please read the assurance sections of our site or talk with one of our team members today.



Copyright © 2018 - 2020 Appsecure Pty Ltd | ACN 132 491 644 | 02 9160 7045 | BRISBANE - SYDNEY - MELBOURNE - CANBERRA