Secure Code Review
Code Review for Security
A Raxis secure code review meets PCI standards and is a highly effective way to reduce the risk of coding errors to keep the hackers, including ours, at bay. Combine with a penetration test, and you'll significantly reduce the chances of being breached.
Line-by-Line, Manual Review of Your Source Code
A code review is likely the most effective technique to detect and eliminate security vulnerabilities.
Raxis uses a manual, line by line, procedure to review the actual code for security risks. Our process is designed to meet compliance standards such as PCI DSS Requirement 6.3.2, which requires that any custom internal or public facing code be reviewed by someone other than the original author. While this can take longer than using an automated process, the manual procedure is recommended by PCI and allows us to find logic errors that tools often will overlook. In addition, we will make suggestions to move to secure coding best practices where applicable, even if the code does not present an immediate vulnerability. In some cases, we may use a tool to help us locate coding issues in bulk, however the work is done manually with a highly qualified programmer and security expert.
We'll help you find real security issues that tools often miss.
Our Raxis Penetration Testing team has seen a significant amount of coding and logic errors throughout the course of our work. These coding errors are often very simple, however the results from the errors are very significant. For example, leaving out input checking on one hidden field can result in a full compromise of the system, including the ability to create user accounts. While more rare, we've also seen cases where customers did not incorporate proper user authorization design, resulting in privilege escalation across the application. Automated solutions are not as effective as our manual process and could leave security gaps in production code to be exploited by others.