Context are experts in software security and secure engineering, providing source code security assessments and development assurance for some of the world’s largest organisations.
Context’s expert consultants possess a blend of experience in software development, penetration testing and secure coding practices, allowing us to confidently deliver high-quality code review assessments.
This is evidenced by the work of Context’s independent vulnerability research department, which has identified and published security weaknesses in high profile code bases including the Linux kernel,
Android, Java, Microsoft .NET and modern web browsers including Mozilla Firefox, Edge and Chrome.
How we can help:
- Review new or existing code bases to identify security issues before release or deployment, to maintain reliability, brand reputation and consumer confidence.
- Work with your organisation to provide code review as part of your secure SDLC.
- Review product source code to provide quality assurance, as part of a due diligence process during mergers and acquisitions.
- Provide guidance and ongoing assurance on secure and defensive development processes and design.
Development Assurance Approach
Context can provide detailed advice on every aspect of the software development process, from design to release, providing clients with actionable measures to increase the overall security of the deployment, build process and source code.
Source Code Review Approaches
Context are able to deliver source code review services for web, mobile, desktop and IoT applications using the following approaches:
A purely static approach to code review can be taken where an executable version of the software cannot be provided. This is also useful where disclosure of the entire code base is not desirable, or where only one component of an overall solution requires review.
The following techniques can be employed during static analysis, based on customer requirements:
- Manual
Our experts are able to manually identify security vulnerabilities within source code that an automated tool would often miss. Such vulnerabilities typically exist within critical functionality, including business logic, encryption, network communications and access controls.
- Automated
A fully automated approach can ensure breadth of coverage in the identification of some of the most commonly found vulnerabilities, using industry-recognised commercial code-scanning tools and Context's custom tools.
- Combined
By combining manual and automated approaches, the review can provide both breadth and depth of coverage.
- Focussed/bespoke
Targeted review can focus on specific areas of the code base, typically those that provide security-related, network or complex functionality.