Secure Code Reviews

About

For projects which require additional assurance, or where you would like additional assistance at a code level, Pākiki can carry out code reviews. These would typically be carried out in a few scenarios:

  1. If the developers would like additional training on areas where they can improve at a code level.
  2. If a system is particularly high-risk (for example, one that is high profile and processes significant personal information or large financial transactions).
  3. If a system is implementing functionality which can be challenging to get right (for example, custom encryption).
  4. If you have specific concerns and would like an in-depth review of one part of the codebase.

Broadly speaking, if you are seeking to understand what vulnerabilities are present in an application, a whitebox penetration test (where the consultant has access to the source code) is a better approach.

How we can help

Pākiki can carry out code reviews of applications; we have experience with most common languages and frameworks. We also have experience reviewing cryptographic code (where the code makes use of higher-level cryptographic primitives).

The majority of code reviews will sample a number of end-to-end interactions from the frontend user interface to the backend, understanding every line of code along the way and identifying security vulnerabilities or development practices which could lead to vulnerabilities. The consultant would then explicitly seek to understand the security logic of the application (how login is implemented, how authorisation is implemented, searching for potentially unsafe functions, etc.).

Get in touch

We’d love to hear about your project.