
Application Code Reviews

Application Source Code Reviews 

odysea's application source code reviews take penetration testing a step further. odysea will select a penetration tester with knowledge of the language in which the application is coded to perform the review. The tester will perform an application penetration test with the additional benefit of knowing and understanding the functionality, process and coding style behind the colourful application skins that a typical user will see. This process frequently finds vulnerabilities that a typical penetration test would never find.

Initial Source Code Reviews

Due to the sensitive nature of odysea's clients, we have two different methods of providing the initial code review:

Method One

odysea replicates the customer's servers and uploads the supplied code onto the replicated servers at odysea. odysea is then able to review the code without disrupting the live customer environment.

Method Two 

The customer provides odysea with their website code which is used to review the customer's hosted server & applications.

For both methods the code supplied is manually inspected, with the following assessed:

  • All code areas with inputs are identified and inspected for the passing of malicious characters.
  • All code areas that store/retrieve data in a direct manner on the fileserver are identified and inspected for file replacement and file uploading.
  • All code areas that interact with the backend SQL server are identified and inspected for SQL injection attacks.

The testing is not limited to the above points but is a representation of some standard reviews.

In-Depth Source Code Reviews

The in-depth code review is the same as the initial code review, but is intended to test the code after the initial results have been fixed and to look for:

  • Additional risks
  • Session based attacks
  • End-user information disclosure attacks between users
  • Cross-site request attacks
  • Cross-domain redirection attacks
  • Error reporting and information leakage
  • Insecure communications

The testing is not limited to the above points but is a representation of some standard reviews.

Contact us to discuss your Application Source Code Review requirements.
