Methodology

Process for Undertaking a Secure Code Review

With a hands-on approach to conducting a Secure Code Review, we focus on identifying valid security deficiencies within the target application, right at the code level, based on the OWASP Secure Code Review standard.

    Our Owl’s Flight Route

    Step One: Scoping of the Engagement

    Step Two: Project Kick-off Call

    Step Three: Access Code Repository

    Step Four: Static Application Security Testing Scan

    Step Five: Manual Secure Code Review

    Step Six: Executive Summary and Findings Review Report

    Step Seven: Virtual Findings Review

    Step Eight: Retesting (Optional)

    Step Nine: In-House Remediation (Optional)

    Solution Plans

    We Tailor to Meet Your Unique Requirements

    Included

    Manual Secure Code Review

    A comprehensive Security Analyst-led manual line-by-line review of the application’s source code to identify and validate security deficiencies.

    Static Application Security Testing (SAST) Scan

    Scanning the source code provides a comprehensive perspective on security hygiene, helping to understand the security landscape and identify any missing dependencies.

    Executive Summary

    A high-level overview of the application’s current security posture tailored for an executive audience.

    Findings Review Report

    A comprehensive and detailed analysis of security issues tailored for a technical audience.

    Virtual Findings Review

    A detailed walkthrough of the reported findings, led by our Security Analysts, to educate and benefit your programming teams.

    Optional
    Retesting

    A retest to ensure that remediation efforts have effectively resolved any security vulnerabilities.

    Security Certificate

    Issued upon validation that the identified vulnerabilities have been successfully remediated.

    Remediation

    OwlEye Secure Code Developers can be engaged to address the identified vulnerabilities.