Get a complete analysis of your business's software by a trusted security engineer — before it goes live.
The Need
The software you’re using should be tested against your security standards.
How We Help
One of our application security engineers will evaluate your application’s internal structures and inner workings to help identify flaws that could allow attackers to gain access to your critical assets. Using techniques such as control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage, we examine the hard-to-copy (and often overlooked) error conditions that could be abused by skillful attackers. On top of that, we can pinpoint the exact line of code where the flaw occurs and provide very specific remediation recommendations.
Flaws we look for include:
- Cross-site scripting (XSS): XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping.
- Injection: Injection occurs when untrusted data is sent to an interpreter as part of a command or query.
- Identity and access management (IAM): IAM is the process by which users are identified and requests for access to particular resources are granted or denied.
- Session management: A web session is a sequence of network HTTP request and response transactions associated with the same user.
- Account management: Authentication and account management are directly related to identity verification.
- Directory traversal: Directory traversal, also known as path traversal, aims to access files and directories that are stored outside the web root folder.
Why Us
Nothing Gets By Us
Our methodology combines manual code review, proprietary application security directives (ASDs), and the use of proprietary and commercial tools to create a consistent and repeatable process. Our review covers a broad range of common weaknesses that go beyond the popular taxonomies such as the OWASP Top 10 and SANS/CWE Top 25.
Cyber as an Enterprise Risk
Your enterprise risk is always top-of-mind. We know you’re in a balancing act between implementing growth strategies and mitigating risk. While we are specialists in assessing, testing and remediating risk associated with software, we approach cyber as more than a technology risk.
Start a review, call us:
Americas: +1.212.981.6540
EMEA: +44.20.7086.5875