Source Code Auditing
Strativia’s approach to source code review audits is to first identify specific client needs, requirements and expectations. In addition to the specified objectives, we prepare a detailed test plan to detect both low- and high-risk security vulnerabilities within source code. The source code audit process entails analyzing each critical component separately and together as part of the entire application. The plan also includes a phase to analyze the overall quality of the source code by looking for defects, bottlenecks and workarounds (ways to make lines of code cleaner and better optimized).
During the security review, Strativia will search first for high-risk vulnerabilities and then work down to the low-risk ones. Overall, this will be a highly comprehensive audit intended to find security breaches and violations, bugs and other issues.
Some high-risk vulnerabilities include:
- Injection coding issues
- Cross-site scripting (XSS) attack holes
- Lack of authentication and authorization systems
Some low-risk vulnerabilities include:
- Software library controls review
- Cross-site request forgery
- Hardcoded secure information
Our source code auditing and project rescue services are performed by senior developers who understand development and quality assurance. In addition to their standard auditing techniques, they perform penetration tests to identify vulnerabilities in software by launching targeted attack methods against common access points in attempts to cause breaches and disruption and to bring down applications.
