Secure Code Review

What is a code review?

In a code review, the source code of an application is examined manually. This makes code reviews an important component of quality assurance.

Code reviews can be effectively combined with static code analyses to cover a wide range of possible mistakes.

We are therefore also happy to support you in integrating automated code scanners and other tools into your CI pipeline, or to help your team set up a peer review process.

Why is a code review useful?

Because the entire source code is available, problems that may be difficult to detect in a vulnerability assessment can be reliably identified during the code review.

Thanks to our experience, we are able to identify security-critical problems and explain them in a way that your developers can understand.

This enables your team to identify problems at an early stage and sustainably increase code quality.

Moreover, code reviews by an external service provider are an important compliance requirement, while continuous peer reviews are a good way to increase overall application quality.

Course of a code review

  • Kickoff

    After an introduction to the application, we agree together on the source code to be reviewed.

  • Delivery of source code

    You provide us with the source code.

  • Source code analysis

    Our consultants review the source code provided and document the code passages that may pose security risks.

  • Reporting

    We compile a report in which irregularities and problems are described in a comprehensible way and possible solutions are presented.

Wrap-up and conclusion

After a code review, you will receive a detailed report with the identified problems and background explanations. If you have any questions about the report or individual findings, we will be happy to explain them in a presentation of the results.

We can also help you set up a CI pipeline that scans the source code with automated code scanners and thus eliminates a large number of flaws during development.

To conduct a code review, we only need the source code and a short introduction.

Yes, and that is a very good idea too! We are happy to help you set up a CI pipeline and are always available to answer your questions.

No, because automated code analyses and code reviews serve different purposes.

Code reviews are excellent for uncovering problems in the application logic and architecture.

Automated code analyses, on the other hand, help to identify inconsistencies and recurring problems in the code and thus improve maintainability and code quality.

Both approaches therefore complement each other nicely and should be used in combination.

We offer manual code reviews for common languages such as Java, JavaScript, PHP, Python, Rust, etc.

If your programming language is not explicitly listed here, please do not hesitate to send us an email at hello@lutrasecurity.com. The list is not meant to be exhaustive.

Get in touch

Curious? Any more questions? Call us, write us an email, or book a meeting with one of our consultants right away!
