We perform security audits for Web and SaaS applications involving the auditing of source code in Java, C #, Ruby and Pyhon.

The aim of this audit is to check the source code or solution takes advantage of best practices and standards of professional conduct, accepted and adopted by the professionals creating similar solutions.

During the audit we are looking for potential sources of problems at least in the following areas:

• Authentication,
• Authorization,
• User session management,
• Cross-site request forgery,
• SQL injection,
• User and password management;
• Protection of personal data (eg lists of subscribers)
• Administrative panel security,
• Poka-yoke (protection against problems arising from errors)

These areas and potential problems which occur in them, are known to professionals and are well documented in professional articles for creating software and web applications.

As a result, we prepare an audit report which contains:

• A description of the risks associated with improper preparation of the solutions in these areas;
• Information about all the places that have passed the audit with negative results;
• Information on selected and relevant solution portions that have passed the audit with a positive result, and
• The conclusions of the assessment.

During the audit we review the code. Evaluation the of code quality, and the degree of compliance with the standards and professional practices is subjective, supported by our 10 years experience in the construction of information systems in different technologies.

Following a review we assess the security of a solution in general, recommend what to change, how to improve the quality and what defects should be corrected before a solution will go live. We also show what are the risks of deploying the solution without changes.