Source Code Review

2-sec offer a simple four step approach to testing your source code:

1.  You send us your code and compiled binaries

2.  We perform extensive security testing

3.  We advise you of any flaws and tell you how to fix them

4.  We issue a 2-sec Assured certificate for you to share with customers and third parties, once we have validated the flaws have been fixed

Get in touch today and we will be very pleased to tell you more.  We currently offer a free trial for up to 20Mb of compiled Java code, so you can see how we do things.

Secure Source Code Review

Our Source Code Review is an essential part of best practice software security and also compliance regulations, such as PCI DSS and PA DSS.  It also helps to eliminate serious software flaws that might lead to instability or affect the integrity of data.

We provide both static and dynamic testing of source code, to ensure applications offer a high level of protection of confidential data and meet ever stricter compliance requirements.  Our highly experienced application security specialists can:

  • Ensure your code complies with OWASP top 10, and is not prone to:
    • Unvalidated input
    • Broken access control (for example, malicious use of user IDs)
    • Broken authentication and session management (use of account credentials and session cookies)
    • Cross-site scripting (XSS) attacks
    • Buffer overflows
    • Injection flaws (for example, structured query language (SQL) injection)
    • Improper error handling
    • Insecure storage
    • Denial of service
    • Insecure configuration management
  • Eliminate the risk of SQL Injection, XSS and CSRF style attacks
  • Analyse millions of lines of code across multiple modules
  • Interpret security flaws in a wide range of languages, including C and its derivatives, ASP, ASP.NET, Visual Basic, VB.NET, C#, Java, Perl, Python, PHP and Delphi.
  • Pinpoint vulnerabilities and provide precise, detailed remediation advice for rapid fixes
  • Identify design areas and recommend best practice
  • Advise on countermeasures such as Web Application Firewalls

We carry out Source Code Reviews using manual and automated methods, whilst taking time to understand the architecture, purpose and run-time environment before drawing conclusions.  We focus on finding real flaws that present a real threat, as opposed to flaws in code that would never be exposed to a hacker.

SDLC Assessment and Security Training for Developers

2-sec provide an SDLC Assessment as part of our Source Code Review services, to ensure that security is considered throughout your entire Software Development Lifecycle, from concept and planning through to operations and maintenance to the ultimate disposal.

We advise on industry standards and best practices to help you build security into each phase, including:

  • Secure Software Concepts – security implications in software development and for software supply chain integrity
  • Secure Software Requirements – capturing security requirements in the requirements gathering phase
  • Secure Software Design – translating security requirements into application design elements
  • Secure Software Implementation/Coding – unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
  • Secure Software Testing – testing for security functionality and resiliency to attack
  • Software Acceptance – security implications in the software acceptance phase
  • Software Deployment, Operations, Maintenance and Disposal – security issues around steady state operations and management of software

The review is aimed at all software lifecycle stakeholders, and provides:

  • A holistic approach to software security needs
  • Advice regarding designing, developing and deploying secure software
  • Knowledge on the latest software security technologies
  • Assurance of compliance with regulations
  • Compliance with your own policy and procedure set

Confidentiality, integrity, availability, authentication, authorization and auditing – the core tenets of security – must become requirements in your Software Development Lifecycle.  Without this level of commitment, information is placed at risk.  Incorporating security early and maintaining it throughout all the different phases of the Software Development Lifecycle has proven to be 30-100 times less expensive and incalculably more effective than the release and patch methodology used frequently today.

Free Java application scanning

We are currently offering a no-obligation trial for those who want to sample our service, and would be happy to investigate potential flaws in a <20Mb Java application (.jar file) at no cost.  Please get in touch with us today to find out more.