
Our focus is to deliver the highest quality services, helping our customers achieve their goals
Code Review
Unfortunately, the majority of developers still don't have a good grasp of security. Although the overall level of knowledge is steadily increasing, the fact is that most developers rightly see themselves as experts in building functionality, performance and a pleasant user experience, and not in the arcane art of computer security.
Web Application tests can validate whether vulnerabilities can be found and exploited on an application, and if Web Application tests are already being carried out, it is valid to ask if a Code Review is still necessary.
When a client engages a security consultant to perform any test, there is always a 'time box' or deadline by which the testing must be completed. By contrast, a hacker has no such time constraints. Matta does not believe that time-limited 'Black Box' testing gives the best assurances, or is the best value to customers.
A Code Review is, in the first place, an effective means to shortcut the vulnerability finding process. But there are other benefits which include the identification of:
- Injection attacks, such as SQL injection
- Cross Site Scripting (XSS)
- Logic errors in the site, allowing users to illegally manipulate the data or processing of the application
- Input Validation issues
- Cross Site Request Forgery (CSRF)
- etc.