What is Code Review?
Security code review is an in-depth analysis of an application's source code, aimed at detecting security vulnerabilities by inspecting the actual code of a given system. It is used to detect security bugs, reveal hidden backdoors in the code, and reach full coverage of a given system's vulnerabilities. The review looks for weaknesses stemming from insufficient secure coding practices, business logic flaws, internal structure, and the system's design.
Whether used to detect security bugs as a thorough alternative to a penetration test or as a means of detecting backdoors in the code, security code review is a complicated task that must be performed by a highly experienced auditor. We provide exactly that.
Vulnerabilities are discovered according to OWASP and WASC methodologies. A partial list of the areas examined:
- User authentication
- Input validation mechanisms
- Configuration data protection
- Information confidentiality
- Information integrity
- Cryptography and key management
- Password policy
- Session management
- System administration interface protection
- Secure access to databases
- Endpoint protection for sensitive data
- Runtime error management
- Auditing & logging