Applications needing a high level of security assurance frequently benefit from code review. This is a part-manual, part-automated activity. MDSec employs a variety of automated scanning tools to cover the entire code base, then validates the results to weed out false positives and qualifies the issues uncovered in this manner.
Typically, automated scanning tools find around 50% of the possible flaws and are strongest at detecting insecure API usage, unvalidated data and injection. MDSec uses scanners for pragmatic coverage of these areas and augments them with manual review of areas relating to application logic and design, to which scanners are largely unsuited, including:
Access to code allows a security assessment to pinpoint numerous classes of potentially high-risk flaws which would not otherwise be visible, including: