CastleGarde provides a Web Application Source Code assessment service that examines the source code of the web server. It exposes weaknesses in the coding of the application, operating system, and database structure, which often present a high exposure to exploitation by external sources. This review is well beyond the scope of work performed in the EVA. The service is delivered by a server and application specialist who has more than 30 years in the technology/programming industry and holds CISSP, CISM, and CISA certifications.
The assessment consists of a full external and internal review and assessment of the website with the intent of:
- Discovering security weaknesses utilizing various industry and proprietary tools
- Reviewing the source coding techniques for design methodology, features and controls, operating system integrity, and overall website integrity
- Assessing the public-facing interfaces and code for vulnerabilities
- Running external validation tests
- Reviewing .NET or ASP, PHP, and Java structure and programming code
This assessment is iterative in nature and results in a before-and-after report being delivered. The assessment is first performed on the current production website, and a report is delivered with recommendations. Once the recommendations are implemented, CastleGarde reassesses the website to ensure all found vulnerabilities have been addressed.