Static Code Analysis Services 2020-09-29T19:26:52+00:00

Secure Code Review Audits

Secure Code Review is required of regulated organisations, such as those subject to Payment Card Industry (PCI) standards. For US operations, the following regulations require secure code reviews: the Health Insurance Portability and Accountability Act (HIPAA, US medical), the Federal Information Security Management Act (FISMA) and Sarbanes-Oxley (SOX).

The Security Code Review includes an audit by an automated Static Code Analysis (SCA) tool and a manual code review by our Security Consultant. The latter step is needed because SCA tools often produce a significant number of false-positive and false-negative findings in the code. The Consultant's review weeds these out; otherwise the recommendations would mislead your Customer’s developers into chasing ghosts.

Checks include searching for various application vulnerabilities including:

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Formula Injection – Excel Files
  • Passwords stored in Clear Text
  • Hard Coded Encryption Keys
  • Weak Authentication Method – Basic Authentication
  • Password Policy
  • Exposing Error Messages
  • Logout Mechanism
  • Sensitive Information Is Stored In Log Files
  • Insufficient Transport Layer Protection

Basic scan:

The Escrow London team will scan the entire code base with an automatic tool and will remove the false-positive findings. In this test, we will check only a few examples of every vulnerability listed above. No false-negative check is conducted.

Advanced scan:

The Escrow London team will scan the entire code base with an automatic tool and will remove false positives, false negatives, business process vulnerabilities and more. In this test, we will scan all the code, but we will check only a few examples of every vulnerability.
