Initial Code Reviews
Due to the sensitive nature of ProCheckUp’s clients, we have two different methods of providing the initial code review:
Method One
ProCheckUp replicates the customer’s servers and uploads the supplied code onto the replicated servers at ProCheckUp. ProCheckUp is then able to review the code without disrupting the live customer environment.
Method Two
The customer provides ProCheckUp with their website code, which is used to review the customer’s hosted server and applications.
For both methods the code supplied is manually inspected, with the following assessed:
- All code areas with inputs are identified and inspected for the passing of malicious characters.
- All code areas that store or retrieve data directly on the fileserver are identified and inspected for file replacement and file uploading.
- All code areas that interact with the backend SQL server are identified and inspected for SQL injection attacks.
The testing is not limited to the above points, which are a representation of some standard reviews.
Contact us to discuss your code review requirement
