Torrid  
FEATURED SERVICES 

Secure Code Review  

Torrid provides code inspection of Internet applications to uncover security problems. To corporations that are concerned with the security of their online services, we provide the best line of defense when implementing ecommerce, Internet banking and transactional delivery of administrative services. This service includes program security testing and a thorough review of programming source code for Internet/Web applications written in programming languages such as Perl, PHP, ASP.NET and Java.

The auditors perform a line-by-line inspection of the programming source code to identify new problems relating to security. Secure code review verifies compliance with industry security standards and our own customized secure coding guidelines. This review looks at the following categories:

  • Authentication
  • Authorization
  • Session Management
  • Data Validation
  • Database calls
  • Cryptography
  • Error Handling
  • Logging
  • Backdoors/Debug options

In addition, they look for any malicious code that employs helper programs on a user's hard disk to access unauthorized files and deliver them to the application's author. Once the testing and code inspection phases are completed, the auditors generate a comprehensive, easy-to-read report detailing the code deficiencies uncovered in the analysis. If warranted, some suggestions on the ways to remedy the problems might be included in the report.

Engagement Process:

Step 1 – Contact Initiation
E-mail us at our Contact Us ID and our sales team will contact you within one business day.

Step 2 – Agreement
We will sign a mutual non-disclosure agreement (NDA) to maintain the confidentiality of the information and application code shared between both organizations during the audit process.

Step 3 – Kick-off Meeting
After the NDA is signed, our technical team will meet your representatives, either in person or through a conference call, to get an overview of the application and define the Scope of Work (SoW). The SoW will include the overview and scope of service, review process, classification of findings, deliverables, points of contact and dependencies on the client.

Step 3 – Code Review
Code will be transferred to our premises in a secure manner, depending upon your convenience, and a second meeting will take place to understand the code hierarchy and structure. Thereafter, we will start conducting the code review of your application. A status report emphasizing the critical threats is presented on a weekly basis. Further meetings can take place during the review process as and when our technical team needs more details about the application code.

Step 4 – Report
Our report includes a management summary, assessment details, the vulnerabilities found in the application, the category of each vulnerability, the associated risk and industry-proven recommendations for remediation.