Nowadays a simple penetration test activity is no more considered sufficient to protect business critical web applications. In addition, performing security assessment once the application has been developed is not cost effective. For these reasons more and more companies are requiring a Secure Code Review for their applications.
What is a Secure Code Review
Secure Code review (SCR) is probably the single-most effective technique for identifying security flaws in your code.
SCR consists in the process of auditing the source code of an application to verify that proper security controls are present, that they work as intended and that they have been invoked in all the right places.
Minded Security performs Manual Secure Code Review that provides a great value for the developers who will be able to understand where to fix the bugs and how to fix them.
Why a manual Secure Code Review?
Because it is effective:
Additionally, the manual review is the only activity capable of detecting the presence of malicious code and logic that could be implanted by a threat agent (such as embedded backdoors or Trojan horses) that has access to the code.