Salus' code reviews reveal exploitable flaws such as hidden credentials, unreferenced API methods, and vulnerable code paths by directly examining the code, offering more comprehensive security insights than standard assessments; pairing this with penetration testing maximises vulnerability detection.

Salus code reviews can identify exploitable flaws which cannot be found in normal application assessments. The value of having access to code is that it allows consultants to identify potentially high-risk flaws which would not otherwise be visible, including:

  • Stored credentials, or improper authentication and authorisation practices;
  • Unreferenced API methods, parameter values, or endpoints whose functionality is never exposed through normal user behaviour but can be abused by an attacker;
  • Vulnerable code paths, which are difficult to spot within the confines of normal application usage;
  • Vulnerable server-side calls which may allow onward compromise but disclose little information during normal usage;
  • Any potentially vulnerable code that only triggers under specially crafted input, such as code that transforms inputs in a specific way before the application consumes them.
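The first two items in the list above (stored credentials and unreferenced endpoints) are exactly the findings that are invisible from outside the application but trivial to surface once the source is in hand. The following is an added illustration, not Salus' own tooling: a small Python review aid run over a constructed server-side snippet and a constructed client snippet. The route decorator and `fetch` call shapes, the identifier names, and the sample secret value are all assumptions made up for this example. Note that the credential finder reports the variable name and line number only, never the secret value, so its output can be pasted into a report without leaking the credential it found.

```python
import re

# Constructed sample server-side source for the example (not real client code).
SERVER_SOURCE = '''
DB_PASSWORD = "hunter2"              # stored credential: should be flagged
API_KEY = os.environ.get("API_KEY")  # read from the environment: not a finding

@app.route("/api/users", methods=["GET"])
def list_users(): ...

@app.route("/api/admin/export", methods=["POST"])
def export_all(): ...

@app.route("/api/debug/exec", methods=["POST"])
def debug_exec(): ...
'''

# Constructed sample client-side source: only two of the three routes are ever called.
CLIENT_SOURCE = '''
fetch("/api/users").then(render)
fetch("/api/admin/export", {method: "POST"})
'''

# Assignment of a string literal to a name that suggests a secret.
CREDENTIAL_PATTERN = re.compile(
    r'''(?i)\b(\w*(?:password|passwd|secret|api_key|token))\s*=\s*["'][^"']+["']'''
)
# Route definitions on the server and URL references in the client (assumed shapes).
ROUTE_PATTERN = re.compile(r'@app\.route\("([^"]+)"')
CLIENT_REF_PATTERN = re.compile(r'fetch\("([^"]+)"')


def find_stored_credentials(source):
    """Return (line_number, variable_name) for each hard-coded secret literal.

    The secret value itself is deliberately not returned, so the findings
    can be reported without copying the credential into a report.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        match = CREDENTIAL_PATTERN.search(line)
        if match:
            findings.append((lineno, match.group(1)))
    return findings


def find_unreferenced_endpoints(server_source, client_source):
    """Return server routes that no client code references, sorted.

    Such routes are exactly the 'unreferenced API methods' a black-box test
    would never exercise, so each one needs a manual authorisation review.
    """
    defined = set(ROUTE_PATTERN.findall(server_source))
    referenced = set(CLIENT_REF_PATTERN.findall(client_source))
    return sorted(defined - referenced)


if __name__ == "__main__":
    for lineno, name in find_stored_credentials(SERVER_SOURCE):
        print(f"stored credential: {name} at line {lineno}")
    for route in find_unreferenced_endpoints(SERVER_SOURCE, CLIENT_SOURCE):
        print(f"unreferenced endpoint (review authorisation): {route}")
```

Run against the constructed samples, the script reports the `DB_PASSWORD` assignment and the `/api/debug/exec` route as review items; a real code base would need route and client patterns matched to its framework, and every unreferenced route still has to be read by a reviewer to decide whether it is dead code or an exposed privileged operation.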

It should be noted that whilst secure code reviews are an effective identifier of specific classes of vulnerability, such as those relating to input validation, more value can be provided by adding practical penetration testing activities, such as web application or API testing, which excel at identifying complex logical vulnerabilities that may not be apparent from a source code review alone.

