An application code review is a cost-effective way to verify that an application has been built to support an adequate level of security. Kivu’s code review offers an added level of confidence before an application is released to the public, or used internally within an organization. Even if a code review is not mandated by regulatory compliance requirements, it offers added value for the security of the application and the organization at large.

Kivu’s code review focuses on the underlying security and coding practices around the back end of an application. Our standard methodology uses a combination of automated static analysis tools and manual analysis to facilitate the review process. Our review will identify common vulnerabilities, such as buffer overflows, format string exploits, and the use of insecure coding practices.

Kivu will be able to:

  • Accurately determine important code security issues
  • Identify hot spots where security concerns are likely to be discovered
  • Examine code clusters and code complexity, which have a strong correlation to vulnerabilities and security flaws
  • Provide immediate recommendations when automated code scanning identifies significant systemic security issues

Although tailored for each organization, Kivu’s code reviews typically focus on the security vulnerabilities listed in the CWE/SANS Institute Top 25 Most Dangerous Programming Errors and the most current OWASP Top 10 Web Application Vulnerabilities.

Upon completion, Kivu provides both a summary and full code review report with specific findings and recommendations.