Process for Undertaking a Secure Code Review
With a hands-on approach to conducting a Secure Code Review, we focus on identifying valid security deficiencies within the target application, right at the code level, based on the OWASP Secure Code Review standard.
Secure apps start with secure code.
Deploy robust, secure code.
Leverage learning through expert interaction.
Our Owl’s Flight Route
Step One: Scoping of the Engagement
The scope of the engagement is determined by the number of lines of code (LoC) and the programming language. This helps us assess the work effort required to complete the engagement.
Step Two: Project Kick-off Call
An OwlEye project manager will organize a project kick-off call with our Security Analysts and relevant stakeholders to obtain an overview of the application, environment, business logic, and current technology used.
Step Three: Access Code Repository
The code repository is provided as per scope for both scanning and manual review.
Step Four: Static Application Security Testing Scan
OwlEye uses the commercial tool Open Text Fortify to scan the source code, to gain an overall perspective on security hygiene, and to identify missing dependencies.
Step Five: Manual Secure Code Review
OwlEye Security Analysts conduct a comprehensive, in-depth, line-by-line review of the source code to provide validated findings, identifying security flaws, vulnerabilities, false positives, and emerging patterns.
Step Six: Executive Summary and Findings Review Report
OwlEye offers an Executive Summary to highlight the application’s security posture and a Findings Report for technical stakeholders, detailing the severity and impact of each vulnerability. Additionally, we provide actionable recommendations for remediation.
Step Seven: Virtual Findings Review
A virtual review session, led by a Security Analyst, will be held with your development team and stakeholders. We’ll discuss how to interpret the report documents, review the executive summary, and examine the findings in detail. This collaboration helps triage and remediate the identified vulnerabilities.
Step Eight: Retesting (Optional)
Step Nine: In-House Remediation (Optional)
Engage OwlEye’s in-house developers to remediate the identified security vulnerabilities.
We Tailor to Meet Your Unique Requirements
What’s Included in Your Manual Secure Code Review
Manual Secure Code Review
A comprehensive Security Analyst-led manual line-by-line review of the application’s source code to identify and validate security deficiencies.
Static Application Security Testing (SAST) Scan
Scanning the source code provides a comprehensive perspective on security hygiene, helping to understand the security landscape and identify any missing dependencies.
Executive Summary
A high-level overview of the application’s current security posture tailored for an executive audience.
Findings Review Report
A comprehensive and detailed analysis of security issues tailored for a technical audience.
Virtual Findings Review
A detailed walkthrough of the reported findings, led by our Security Analysts, to educate and benefit your programming teams.
Maximize Your Security with Add-Ons
Retesting
A retest to ensure that remediation efforts have effectively resolved any security vulnerabilities.
Security Certificate
Issued upon validation that the identified vulnerabilities have been successfully remediated.
Remediation
OwlEye Secure Code Developers can be engaged to address the identified vulnerabilities.
Reach out to us for a personalized consultation.
Every application and business is unique. We’ll work with you to find a solution and budget that’s perfect for supporting your application security.