Synopsis

  • Review documentation, designs, development standards.
  • Interview developers as required.
  • Analyze inputs and data paths, map out security-critical code paths.
  • Assess software against best practices to identify specific vulnerabilities and patterns of insecure coding.
  • Full written assessment with general recommendations; weekly and final detailed reports of all vulnerabilities found.

Matasano's Advantages

Matasano team members have written hundreds of thousands of lines of shipping commercial software, have read and audited hundreds of thousands more, and have published scores of security advisories along the way. Vulnerabilities discovered by Matasano consultants include some of the most important ever found. Our competitive advantages in code review include:

  • More practical experience auditing code, per team member, than virtually any other services organization.

  • Experience shipping commercial software and working within development teams enables us to communicate convincingly and effectively with development teams in high-pressure environments.

  • Fluency in and experience shipping code on most major application development platforms, including Win32 and Unix C, C++, Java, Perl and Python.

  • Key contributions to important security scanner products, including those offered by ISS and Network Associates, enable us to demonstrate flaws, classify and prioritize vulnerabilities, and explain their impact convincingly and effectively.

  • A practice built on deep experience and thought leadership, rather than on automated tools and scripted methodologies.

Typical Staffing & Delivery

  • Medium- to Long-Term (3-6 month) Engagement
  • Full-time, On-site delivery
  • Rotating (4-8 week interval) team of consultants
  • Regular written deliverables