Foundstone’s capability in source code security assessments comes from our Software and Application Security Service (SASS) consultants, who have performed source code audits on numerous client applications as well as on their own software. Our SASS consultants have worked as development practitioners on commercial enterprise software systems and understand the software development process, as well as why and how security bugs are introduced. That experience, combined with advanced automated tools that use contextual analysis, enables us to review more code faster, more accurately, and more effectively than other security consulting services.
With a JumpStart Code Review, Foundstone performs a targeted assessment that augments automated code analysis with manual review. Automated tools alone are not effective at finding architectural flaws, and they also return large numbers of false positives. Foundstone’s experienced SASS consultants combat these shortcomings, providing your team with accurate and insightful results you can use to immediately improve the security of your application.
The recommendations our Software & Application Security Services consultants provide are not limited to the specific section of code where an issue was identified; they also account for the larger code base that must interact with that section, so a fix in one place does not introduce a regression elsewhere.
Perhaps most importantly, having faced the same pressures of commercial software development that your team deals with, our consultants make recommendations that are practical to implement rather than theoretical. By combining manual code review and contextual analysis with advanced automated tools, they are able to cover more code, more accurately and more efficiently, than automated scanning alone.
Additionally, Foundstone’s code review will help you meet PCI DSS Requirement 6.6, which applies to public-facing web applications and accepts application security assessment of the application (including code review) as one way to satisfy it. Foundstone’s experienced software security consultants will provide your team with accurate and insightful results you can use to immediately improve the security of your application and support your PCI compliance effort.
Foundstone will perform this assessment using our tried and tested methodology:
Our JumpStart Security Code Review includes: