Security Code Review

VSR code review services identify programming flaws that can make your applications vulnerable to attack and exploitation. An application security code review is designed to highlight potential security vulnerabilities within the application based upon a defined application threat model. It is intended to identify unsafe coding practices in areas including, but not limited to, authentication, authorization, session management, cryptography, error handling, information leakage, data validation and language-specific coding issues. VSR is well versed in nearly all programming languages in use today, including Java, C#, ASP, C/C++, Visual Basic, Perl, Python, Tcl and assembly language on various platforms.

Our security professionals perform both manual and tool-guided reviews of application code to identify issues such as:

To provide more rapid and cost-effective reviews, VSR will often develop a high-level threat model to identify areas of increased exposure, such as an application's entry points and the areas that act as application security controls. In other instances VSR may perform full source code reviews to ensure complete coverage, identifying each instance of specific types of vulnerabilities. The resulting documentation and knowledge transfer provide developers with the recommendations and code samples necessary to remedy vulnerabilities in ways that are closely aligned with industry best practices.

VSR offers several types of code review, depending primarily on client objectives. We work with our clients to identify the code review solution that best meets their business objectives. VSR offers the following types of application security code reviews:

VSR provides recommendations to develop secure applications based on the best practices of our clients and the professional skills of our experts.

Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

XML Schema, DTD, and Entity Attacks

IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA

Timothy D. Morgan presents No Crack Required: Cryptanalysis in Real-World Applications at OWASP AppSecUSA 2012.
