Secure Code Review
Torrid provides code inspection of Internet/desktop applications to uncover security issues. To corporations that are concerned with the security of their online services, we provide the best line of defense when implementing ecommerce, Internet banking and transactional delivery of administrative services. This service includes program security testing and a thorough review of programming source code for Internet/Web applications written in programming languages such as Perl, PHP, ASP.NET, Java, etc.
The auditors perform a line-by-line inspection of the programming source code to identify new problems relating to security. Secure code review verifies compliance with industry security standards and our own customized secure coding guidelines. This review looks at the following categories:
- Authentication
- Authorization
- Session Management
- Data Validation
- Database calls
- Cryptography
- Error Handling
- Logging
- Backdoors/Debug options
In addition, the auditors look for any malicious code that employs helper programs on a user's hard disk to access unauthorized files and deliver them to the application's author. Once the testing and code inspection phases are completed, the auditors generate a comprehensive, easy-to-read report detailing the code deficiencies uncovered in the analysis. If warranted, suggestions on ways to remedy the problems may be included in the report.