UPCOMING IN-PERSON EVENTS: The Schellman team will be around the country at events the week of June 5th
When conducting a secure code review, we combine manual code analysis with automated static analysis tools to thoroughly evaluate the most critical features and functionality of your code. Our analysis will identify security issues, such as hard-coded credentials or encryption implementation flaws.
Our secure code review methodology involves the following steps:
1. Preparation: First, we’ll define the scope of the code review, establish review objectives and standards, and gather all relevant information and resources.
2. Threat Modeling: Then, we’ll identify potential security threats to your application and assess its risk levels.
3. Code Analysis: At this point, we’ll conduct a line-by-line review of the source code, using the aforementioned automated tools and manual techniques to identify potential security vulnerabilities.
4. Report Generation: After our analysis is concluded, we’ll document all issues found during the code review and prioritize them based on their risk levels.
5. Remediation: Using the actionable remediation strategies we’ll provide, we’ll work with your development team to implement necessary changes to the code and address any concerns at the development level.
6. Retest: Finally, we’ll verify that the changes made to the code resolve the security vulnerabilities and do not introduce new issues.
Schellman does perform secure code reviews—our Penetration Testing Team continues to grow and is currently comprised of individuals from different backgrounds including former developers, system administrators, and lifelong security professionals. Our team is incredibly experienced, and collectively holds the following professional certifications, among others: