Panacea InfoSec

For your most critical applications, a pentest or vulnerability assessment might not be enough to provide reasonable assurance that your application is secure. A deeper assessment might also be driven by compliance requirements from the payment industry.

Our Secure Code Review service looks at your application and reports on vulnerabilities or security issues found. Our manual approach detects:

What Sets Us Apart?

Our approach is business driven: weaknesses and vulnerabilities are investigated, documented and reported according to the potential damage that may arise if they are exploited.
Our approach is focused on manual work: a skilled and experienced consultant will manually review your code. This is contrary to the methodology of most of our competitors, where a tool is run first and its results are then reviewed. Current tools are not capable of detecting business logic errors, and even many of the common flaws might be missed. Tools are also incapable of detecting malicious code or the deliberate omission of certain security measures.
The focus of our report is on giving guidance on how to improve the security posture we discovered, and it includes the following content:

Risk Based Methodology Based on Business Relevance

An exhaustive code review is seldom feasible or cost-effective in a commercial environment. Panacea has a unique business-driven approach that limits the number of lines under review to what is relevant and needed.

Starting from your compliance and security objectives, we take an in-depth look at how your application is used (or will be used) by your teams and how it fits into its environment. This enables us to limit the manual review to the modules that are security relevant, which in our experience is only 10 to 20 percent of the code base.

This methodology also gives us a very good idea of how an external or internal attacker or a malicious developer might try to perform or hide unauthorised actions, and it helps us search for malicious code as required by certain standards. Our experienced consultants will assess how the application could be broken and search for traces of this in the code, just as an antivirus scanner would.

Standards Compliant

Our pragmatic methodology and experienced consultants will detect non-compliances or issues in the application as required by international standards or guidelines.

Contact us