Application Source Code Reviews

The objective of the ControlCase code review exercise is to quantify the level of security exposure in your application environment. The code review test is an exercise to identify possible code defects from a security perspective. The assessment consists of a combination of tools (commercial & proprietary) as well as manual efforts. Types of areas covered in a typical application include:

• JavaScript Hijacking
• Trust boundary violation
• Socket based communication in web application server
• Direct management of connections
• Missing check against NULL
• Unchecked return value
• Unreleased resources
• Unsafe Mobile Code from an Access Violations perspective
• Unsafe array declaration
• Empty password in configuration file
• Unhandled SSL exception
• Command injection
• Cross site scripting
• Input Validation
• LDAP Injection
• Missing XML Validation