Code Review


Overview
Penetration testing can go only so far in detecting vulnerabilities within an application. For critical applications, it is often necessary for an organisation to enhance its existing peer-review mechanisms with specialist independent security review.
Through code access, it is possible to find unreferenced functions such as backdoors, and to review parts of the security framework not accessible in a black-box test, such as auditing, logging, or rare application states.

Our Approach
We take a pragmatic approach to source code review, using our own tools to trace untrusted input and isolate security-relevant code such as authentication, access control, input validation, logging, and boundary calls to databases, message queues, or web services.

MDSec Technical Services