Source-code Review

Source code analysis reveals hidden threats and weaknesses in the application not easily detected by common penetration tests. After the code review, we'll provide a detailed report of vulnerabilities with specific suggestions.

Secure development and source code review

Code review
We check the security of the provided source code through manual and automated analysis and make recommendations tailored to the application and technology itself.

Advanced white-box
We verify application security through a combination of code security reviews, penetration tests and audits of target applications.

We help clients implement Checkmarx's advanced solutions for automated source code analysis (CxSAST), application composition analysis (CxSCA), and developer training (Codebashing).

Training and consulting
We provide secure development training in both procedural (SSDLC) and technical (secure web application development) areas.​

Advanced white-box

  • An advanced form of white-box testing.
  • Combination of penetration testing, code review and optionally other disciplines.
  • Achieves higher quality and efficiency by combining the forces of ethical hackers with secure development experts.
  • Maximizes the benefits of multiple security disciplines.


  • CxSAST - a tool for automated static source code analysis that can be integrated with a wide range of technologies.
  • CxSCA - a software composition analysis tool aimed at finding vulnerable software dependencies and licensing conflicts.
  • Codebashing - a platform for educating developers on writing secure code.

Training and consulting activities

  • Technical and procedural training.
  • Consultations in the field of secure development.

Case study

One of our leading clients asked us to perform penetration testing on a newly developed mobile app that manages users' financial information. Since the application was developed by a contractor, in addition to verifying security, we were also asked by the client to verify compliance with the criteria that the application was designed to meet.

During the penetration testing, we discovered several very serious authentication and authorization vulnerabilities that could enable an attacker to access the profile and financial information of all users of the product. This very critical data could be exploited by hackers, for example, in phishing campaigns targeting users or in direct attacks on the institution. If this situation were to occur in reality, the company would be at risk of major financial losses, associated loss of client base and reputational damage. However, because the penetration tests were performed in time before the application was published for real-time operation, this extremely serious incident was therefore avoided.

In addition, the analysis of the design and the actual state of the application highlighted some deviations from the agreed requirements. For example, in the area of handling user documents, which is subject to GDPR law, which the contractor had not adequately secured in the application. The client was therefore able to negotiate an expedited free fix within the contract and thus increase the level of security of its mobile application.​


  • When analysing source code, we emphasize manual reviews, which lead to the discovery of more serious errors than conventional automated solutions.
  • Source code analysis reveals hidden threats and weaknesses in the application that are not easily detected by conventional penetration tests.
  • After reviewing the code, we will provide you with a detailed description of the vulnerabilities with specific recommendations for remediation.


Are you interested in more information or an offer for your specific situation?

By submitting the form, I declare that I have familiarized myself with the information on the processing of personal data in ARICOMA.