
Managed Code Review

commissum Managed Security services free up your resources and lighten your workload with our first-class range of management services. These include our outsourced CISO offering, managing your alignment to ISO 27001, helping you manage critical Business Continuity and, at a more technical level, regular managed testing of your network and applications and blended code review.

Code Review

It is well known that eliminating software bugs and vulnerabilities at the requirements stage can reduce the cost of remedial action over one hundred-fold compared to remedial action after the event. The ideal solution is for the code to be written under a software development lifecycle (SDLC) which includes regular code review throughout the cycle, rather than testing as a one-off exercise just before going live. Unfortunately, the cost of true threat modelling is prohibitive for most organisations other than the largest software vendors or financial institutions.

Not only are fixes less costly the earlier they are addressed, but early review also results in fewer fixes being required later. Manual code review alone can be expensive and is usually conducted on a sample basis; it will pick up issues that automated tools are unable to, but only for the samples selected. Automated source code analysis tools cover the whole of the code base, but they tend to be a significant investment which usually only large-scale development projects can afford; many are also prone to higher rates of false positives and are inherently limited in their ability to pick up the more complex issues that manual review would detect.

commissum's blended approach, a combination of managed source code analysis and manual review, aligned to your organisation's software development lifecycle, offers a cost-effective alternative that can run in parallel with the development cycle. The service offers a comprehensive, accurate and targeted method of detecting potential security vulnerabilities while the code is still in development.

When combined with our CREST-standard Application Penetration Testing prior to go-live and after significant changes, followed by regular monthly or quarterly Application Scanning, security is built into the process rather than merely added on. This also meets the requirements for compliance with PCI DSS.

Get in touch with one of our security consultants today

  • No obligation
  • Expert advice
  • Tailored solutions

"We have been working with commissum for over five years on both rolling service contracts and ad hoc projects. We've found them extremely helpful and flexible in tailoring services to meet our requirements which, owing to the nature of our business, change frequently at short notice. Their staff are always professional, friendly and a pleasure to work with."

Mark S, Head of IT - National Television Broadcaster
