Source Code Reviews
Application Code Review services identify common programming errors that expose the application to buffer overflow attacks, input validation attacks, and lapses in security logic. These services provide a very granular level of review of the actual application source code in order to ensure that best practices of secure coding are in place, thus providing the highest level of scrutiny. The Hardened-PHP Project examines the application with an established methodology that includes manual techniques developed from significant experience in the field, custom tools to improve efficiency and accuracy of testing, and open-source tools.
The Hardened-PHP Project methodology addresses these areas of application security:
- Application Architecture Security
- Access & Authorization Controls
- Input Validation Filters
- Logic Errors
For each area of application security, the audit team applies an established list of manual and automated techniques, modifying these techniques to address the unique problems, configurations, and concerns of each application reviewed. The team works closely with the application owners during this phase to ensure thorough communication and understanding of application scope, functionality and intended design.