Source-code Review

Source code analysis reveals hidden threats and weaknesses in the application not easily detected by common penetration tests. After the code review, we'll provide a detailed report of vulnerabilities with specific suggestions.

Secure development and source code review

Code review
We check the security of the provided source code through manual and automated analysis and make recommendations tailored to the application and technology itself.

Advanced white-box
We verify application security through a combination of code security reviews, penetration tests and audits of target applications.

Checkmarx
We help clients implement Checkmarx's advanced solutions for automated source code analysis (CxSAST), application composition analysis (CxSCA), and developer training (Codebashing).

Training and consulting
We provide secure development training in both procedural (SSDLC) and technical (secure web application development) areas.

Advanced white-box

  • An advanced form of white-box testing.
  • Combination of penetration testing, code review and optionally other disciplines.
  • Achieves higher quality and efficiency by combining the forces of ethical hackers with secure development experts.
  • Maximizes the benefits of multiple security disciplines.

Checkmarx

  • CxSAST - a tool for automated static source code analysis that can be integrated with a wide range of technologies.
  • CxSCA - a software composition analysis tool aimed at finding vulnerable software dependencies and licensing conflicts.
  • Codebashing - a platform for educating developers on writing secure code.

Training and consulting activities

  • Technical and procedural training.
  • Consultations in the field of secure development.

Case study

One of our leading clients asked us to perform penetration testing on a newly developed mobile app that manages users' financial information. Since the application was developed by a contractor, in addition to verifying security, we were also asked by the client to verify compliance with the criteria that the application was designed to meet.

During the penetration testing, we discovered several very serious authentication and authorization vulnerabilities that could enable an attacker to access the profile and financial information of all users of the product. Such critical data could be exploited by attackers, for example, in phishing campaigns targeting users or in direct attacks on the institution. Had this occurred in reality, the company would have faced major financial losses, an associated loss of its client base and reputational damage. Because the penetration tests were performed before the application was released into live operation, this extremely serious incident was avoided.

In addition, the analysis of the design and the actual state of the application highlighted some deviations from the agreed requirements. One example was the handling of user documents, which is subject to the GDPR and which the contractor had not adequately secured in the application. The client was therefore able to negotiate an expedited free fix within the contract and thus raise the level of security of its mobile application.

Benefits

  • When analysing source code, we emphasize manual reviews, which lead to the discovery of more serious errors than conventional automated solutions.
  • Source code analysis reveals hidden threats and weaknesses in the application that are not easily detected by conventional penetration tests.
  • After reviewing the code, we will provide you with a detailed description of the vulnerabilities with specific recommendations for remediation.