A detailed code review can significantly improve the security of applications, particularly web applications. It can identify a wide range of weaknesses, enabling development teams to fix security issues before an application is deployed to production. Research has shown that fixing problems late in the software development lifecycle can cost up to 100 times more than addressing the same weaknesses in a pre-production test or staging environment.
In addition, the code review process helps development teams understand the principles of secure application development and gives them the opportunity to share best practice, experience and techniques with highly experienced reviewers who have many years of programming experience. The knowledge shared can reduce code-related security issues in subsequent releases as well as in new applications.
Orthus have assembled one of the largest application code review teams in the UK, experienced in a range of programming languages and server- and client-side scripting languages (including Java and PHP). Application code reviews can be extremely effective at eliminating serious security flaws such as SQL injection, cross-site scripting, input/data validation weaknesses, weak error and exception handling, and vulnerabilities that may result in buffer overflows or remote command execution.
Orthus Application Code Reviews can be highly cost effective when the review is limited to the code behind pages or functionality that is sensitive or critical, such as code handling user authentication (including password resets) or interaction with backend databases.
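As an illustration of the kind of finding a scoped review of authentication and database code produces, the following is an added example and not Orthus code or an extract from any client review. It is written in Python with the standard sqlite3 module for the sake of a self-contained, runnable demonstration (the page names Java and PHP; the same pattern applies there). The user table, the placeholder credential string, the sample source text and the helper names are all constructed for this example. The first login function concatenates caller input into the SQL text, the second binds parameters, and a small triage helper flags execute() calls that build their query with concatenation, %-formatting or an f-string, which is where a reviewer would start when the scope is "code that talks to the database".

```python
import re
import sqlite3

# Constructed sample data (not from any real application): one user whose
# stored credential is a placeholder string standing in for a real password hash.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", "placeholder-hash"))
    return conn

def login_vulnerable(conn, username, password_hash):
    # The 'before' form a review flags: caller-controlled strings are pasted
    # into the SQL text, so the input can change the structure of the query.
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password_hash = '%s'" % (username, password_hash))
    return conn.execute(query).fetchone() is not None

def login_fixed(conn, username, password_hash):
    # The fix: bound parameters. The driver passes the values separately from
    # the SQL text, so they are only ever compared as data.
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None

# Classic authentication-bypass payload: closes the string literal, adds an
# always-true condition and comments out the password check that follows.
BYPASS = "' OR 1=1 --"

def demonstrate_bypass():
    conn = build_db()
    return {
        "vulnerable_accepts_bypass": login_vulnerable(conn, BYPASS, "wrong"),
        "fixed_accepts_bypass": login_fixed(conn, BYPASS, "wrong"),
        "fixed_accepts_valid": login_fixed(conn, "alice", "placeholder-hash"),
    }

# Review triage heuristic (assumed helper, not a product feature): flag lines
# whose execute() call builds the query with '+', '% (...)' or an f-string.
# It is a starting point for manual inspection, not a proof of vulnerability.
STRING_BUILT_SQL = re.compile(r"""execute\(.*?(\+|%\s*\(|\bf["'])""")

def flag_string_built_sql(source):
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if "execute(" in line and STRING_BUILT_SQL.search(line):
            hits.append(lineno)
    return hits

# Constructed source text a reviewer might be handed: lines 2 and 6 build SQL
# from input, line 4 uses a bound parameter and should not be flagged.
SAMPLE_SOURCE = """\
def reset_password(conn, email):
    conn.execute("SELECT id FROM users WHERE email = '" + email + "'")
def get_user(conn, uid):
    conn.execute("SELECT * FROM users WHERE id = ?", (uid,))
def search(conn, term):
    conn.execute(f"SELECT name FROM items WHERE name LIKE '%{term}%'")
"""

if __name__ == "__main__":
    print(demonstrate_bypass())
    print("lines to review:", flag_string_built_sql(SAMPLE_SOURCE))
```

Running the block shows the vulnerable login accepting the bypass payload with a wrong credential while the parameterised version rejects it and still accepts the valid user, and the triage helper pointing at lines 2 and 6 of the sample source. The helper is deliberately crude: a `%` inside a legitimate LIKE pattern will also trip it, which is acceptable for scoping a manual review but not as a gate on its own.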