Application Code Reviews
Application Source Code Reviews
ProCheckUp's application source code reviews take penetration testing a step further. ProCheckUp selects a penetration tester with knowledge of the language in which the application is written to perform the review. The tester performs an application penetration test with the additional benefit of knowing and understanding the functionality, processes and coding style behind the colourful application skins that a typical user sees. This process frequently finds vulnerabilities that a typical penetration test would never find.
Initial Source Code Reviews
Due to the sensitive nature of ProCheckUp's clients, we offer two different methods of providing the initial code review.
Method One
ProCheckUp replicates the customer's servers and uploads the supplied code onto the replicated servers at ProCheckUp. ProCheckUp is then able to review the code without disrupting the live customer environment.
Method Two
The customer provides ProCheckUp with their website code, which is used to review the customer's hosted server and applications.
For both methods the code supplied is manually inspected, with the following assessed:
- All code areas that accept input are identified and inspected for the passing of malicious characters.
- All code areas that store or retrieve data directly on the file server are identified and inspected for file replacement and file upload weaknesses.
- All code areas that interact with the backend SQL server are identified and inspected for SQL injection attacks.
The testing is not limited to the above points; they are a representative sample of standard reviews.
In-Depth Source Code Reviews
The in-depth code review follows the same approach as the initial code review, but is intended to test the code after the initial findings have been fixed, and looks for:
- Additional risks
- Session-based attacks
- End-user information disclosure attacks between users
- Cross-site request attacks
- Cross-domain redirection attacks
- Error reporting and information leakage
- Insecure communications
The testing is not limited to the above points; they are a representative sample of standard reviews.
Contact us to discuss your Application Source Code Review requirements.