SHTEIN SOLUTIONS Information Security
Consulting - Security Review - Penetration Testing

Code Review




As part of the information security processes taking place in the organization, it is usually common to perform code reviews on the applications developed in the organization for its internal needs. Code reviews may allow keeping track on the lack of security awareness of the organization programmers, and their failure to comply with general secure development principles. During the code review we also question the programmers who developed the application in order to gain as much information as we can. We focus our attention on the following subjects:

  • Input and output validation.
  • Method of connection to the database.
  • Method of database querying.
  • Checking for possible backdoors.
  • Checking the authentication procedure to the application.
  • Hardcoded credentials and Active Directory connection.

 


Back to Services


Contact Us