Source Code Review

For embedded code developers, Riscure Source Code Review is one of the most effective ways to identify and remediate security-relevant logical issues in your firmware using a white-box approach. This service is offered for source code in any programming language and gives you a unique insight into the security state of your software solution. Please select the options in the form below and feel free to get in touch with us, should you have any questions.

What do you get?

Riscure delivers security with business needs in mind by taking a risk-based approach while still identifying a level of assurance on the quality of the code. Riscure Source Code Review is aimed at security-relevant features, ranging from memory corruption issues to race conditions and incorrect input sanitization.

The source code review will result in a list of findings, which will give an indication of the security robustness of the code. It will allow you to develop fixes or mitigations for the issues found. Different options are available to tailor the deliverable to your needs.

Why Riscure?

Riscure differentiates itself from other labs with its extensive knowledge of embedded and chipset security and by performing thorough and innovative security evaluations in an efficient manner. Based on the effectiveness of our service, customers frequently come back to us to build a long-term relationship. We exceed customer expectations by offering extensive expertise in hardware and software security, advanced hardware and software penetration testing skills and state-of-the-art security test tools.

Our Approach

We perform a targeted manual source code review focusing on the most common vulnerabilities and easiest attack paths first. We typically analyze the software for memory corruptions, sensitive information leakage, synchronization and state issues, logical errors in security-critical components, hardware and software configuration issues, etc.