Apex Assurance leverages its extended network of the industry’s best security experts to assist in engagements where both automated and manual code review and fuzz testing are included. Apex Assurance leads the project management of the systematic examination and review of source code and of fuzz testing, and integrates the findings and process into the overall product security delivery process recommendations. This gives your developers recommendations for fixing mistakes that may have been overlooked in the development phase. Apex can also ensure knowledge transfer of the review as it relates to the SDL process, so that developers understand the secure coding practices necessary within your company’s overall development process, improving both the overall quality of software and the developers’ skills.
- Examine sensitive areas of software code
- Identify security flaws including: race conditions, overflows, character set conversion problems, logical errors, bad assumptions, key management flaws, and cryptographic mistakes
- Recommend specific fixes and general coding practice improvements appropriate to the client’s environment
- Lead groups of developers through code review exercises to enhance the client’s ability to audit code
- Upon request, provide a public-facing document and knowledge transfer sessions explaining the test methodology, results, and associated secure development practices for vulnerability/bug mitigations
