Code reviews provide assurance that an application is safe from the inside.
Some security checks simply cannot be done following a black box approach. During a code review, a consultant will combine targeted manual code inspection and automated analysis to identify security risks in software. Code reviews are sometimes described as ‘white box’ or ‘grey box’ tests, and can complement application security assessments by providing a deeper analysis of the implementation.
Context have a comprehensive code review methodology that has been refined through assessments of a diverse range of applications, using a variety of languages and platforms, including both managed and unmanaged code. This methodology draws on a combination of targeted manual code inspection and automated analysis to reduce false positives and increase accuracy.
Context’s expert consultants possess a blend of experience in software development, penetration testing and secure coding practices, allowing Context to confidently deliver high-quality code review assessments. This can be seen in the work of Context’s independent vulnerability research department, which has identified and published security weaknesses in high-profile code bases including Java, Microsoft .NET and modern web browsers such as Mozilla Firefox and Chrome.