Source code review, also known as security code review, is the process of auditing an application's source code to verify that the proper security controls are present,
that they work as intended, and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed to be
“self-defending” in its given environment.
Squnity experts analyze application design and architecture documentation to build a high-level threat model of the application.
An analysis is then performed on the application’s source code. From the analysis, and taking the threat model into account, security-relevant portions of the application
are identified. Typically, this consists of modules dealing with session management, access controls, and any privileged system functions.
Infrastructure security testing generally includes:
An internal network pen test is performed inside a network to help gauge whether an employee or contractor could successfully conduct an insider attack, and the potential damage such an attack could cause.
This generally includes:
An external network pen test is designed to test the effectiveness of perimeter security controls and to identify weaknesses affecting all other external-facing systems, such as web, mail and FTP servers.
This generally includes:
Gain real-world insight into your vulnerabilities.
Enable encryption or choose a more secure protocol.
Determine whether partner organizations access more internal resources than you intended.
Identify what information a rogue employee could exploit.
Reconfigure software, firewalls and operating systems.
Identify any patches that need to be installed and harden your access controls.