Source Code Review and Penetration Testing Services.

Futureized

Does anyone have any idea about Source Code Review and Penetration Testing Services Providers in India/abroad?
A friend got development work for a site and the company wants to perform these 2 additional services.

Got this link https://pentest-tools.com/pricing#plans about penetration testing services (the client is more keen on vulnerability testing).

Have not found anything for source code review yet.
 
Well... quite a few tools for Bug Bounty Hunters, Penetration Testers, Security Consultants and Auditors, Sysadmins and Network Admins, Web Developers, Testers. However, more reputed ones are available... the source is more on Cloud, SaaS, Web-Based...
 
Well bro, SonarQube is more like a Code Quality Assurance tool that collects and analyzes source code... not ideal for Pen test and Hunters...
 
You still need to write test cases.
Code quality, bad smells and vulnerabilities can still be assessed without unit/integration tests. Those are only needed to determine code coverage, but yes, that's an essential part of development.
Well bro, SonarQube is more like a Code Quality Assurance tool that collects and analyzes source code... not ideal for Pen test and Hunters...
OP asked about Source Code Review and Penetration Testing Services. At least the former can be done with SQ.
 
Quite a good option, as Nessus scans cover a wide range of technologies including operating systems, network devices, hypervisors, databases, web servers, and critical infrastructure, if I am not mistaken.
 
He is considering the Basic Package at https://pentest-tools.com/pricing for 110 US$.
It includes the following:

Tools
Web vulnerability scanners
Network vulnerability scanners
Offensive tools
Reconnaissance tools

Targets / scans
Maximum number of targets
Maximum parallel scans

Features
Automation capabilities
Two-Factor Authentication (2FA)

Reports
Export simple reports (PDF, HTML, CSV)
 
Well bro, SonarQube is more like a Code Quality Assurance tool that collects and analyzes source code... not ideal for Pen test and Hunters...
And it lets you plan the Technical Debt the project has and how to tackle it. It has integrations with Build tools or CI/CD tools, so all the observations or notes will be put into the Issue Tracker/JIRA.
I've heard of Coverity source code analysis...
I have used this one and SonarQube.
 
A good friend of mine owns https://paralok.com/
Contact them. As for tools like OWASP and SonarQube, it is better if these tests are done by a third party and not the devs themselves.
While I agree with the third-party point, I would like to share my experience: whenever I dealt with any CISO/Info Sec for any of the client projects, they were pleased to see SonarQube recommendations implemented and I never had a run-in with them.

Thanks for the website share, though.
 
SonarQube is a very heavily used asset in the enterprise. I'm working in an international Fintech company which caters to international banks across the US and EU for prepaid cards and payment services. Our product source code is all set up to go through SonarQube analysis, and the recommendations are being implemented.
Eventually there are little to no issues in pen-testing later, because the heavy work is already done during the development phase thanks to Sonar integration with CI pipelines, and that's why I recommended it initially.

That said, zero-day vulnerabilities are excluded and no one is safe from those, not even paid services.
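The post above describes SonarQube findings being enforced from the CI pipeline before anything reaches a pen-tester. The script below is an added example of that gate, not code from the thread or from SonarSource: it reads the project's quality gate from the SonarQube Web API (endpoint /api/qualitygates/project_status) and fails the job when a condition such as new vulnerabilities is breached. The SONAR_HOST_URL, SONAR_TOKEN and SONAR_PROJECT_KEY variable names and the embedded JSON sample are assumptions made for this example.

```python
"""CI quality-gate check against the SonarQube Web API (added example)."""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample of a /api/qualitygates/project_status response, used when
# no server is configured so the script (and its checks) run offline.
SAMPLE_RESPONSE = json.dumps({"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "ERROR", "metricKey": "new_vulnerabilities", "comparator": "GT",
     "errorThreshold": "0", "actualValue": "2"},
    {"status": "OK", "metricKey": "new_security_hotspots_reviewed", "comparator": "LT",
     "errorThreshold": "100", "actualValue": "100.0"}]}})

COMPARATORS = {"GT": ">", "LT": "<"}  # SonarQube reports the breached direction


def fetch_gate_status(host, token, project_key):
    """Query the gate status for one project; the token is sent as Basic-auth user."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    req = urllib.request.Request(f"{host.rstrip('/')}/api/qualitygates/project_status?{query}")
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:  # assumes the analysis has finished
        return json.load(resp)


def failed_conditions(payload):
    """Return human-readable lines for every condition whose status is ERROR."""
    return [
        f"{c['metricKey']} is {c.get('actualValue', '?')}, "
        f"must not be {COMPARATORS.get(c['comparator'], c['comparator'])} {c['errorThreshold']}"
        for c in payload["projectStatus"].get("conditions", [])
        if c["status"] == "ERROR"
    ]


def gate_passed(payload):
    """True only when SonarQube itself reports the overall gate as OK."""
    return payload["projectStatus"]["status"] == "OK"


if __name__ == "__main__":
    env = os.environ
    if all(k in env for k in ("SONAR_HOST_URL", "SONAR_TOKEN", "SONAR_PROJECT_KEY")):
        result = fetch_gate_status(env["SONAR_HOST_URL"], env["SONAR_TOKEN"], env["SONAR_PROJECT_KEY"])
    else:
        result = json.loads(SAMPLE_RESPONSE)  # offline demo with the constructed sample
    for line in failed_conditions(result):
        print("QUALITY GATE FAILED:", line)
    sys.exit(0 if gate_passed(result) else 1)  # non-zero exit blocks the pipeline
```

Run it as the last step of the analysis job; with the sample data it exits 1 and prints the breached new_vulnerabilities condition.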
 
A good friend of mine owns https://paralok.com/
Contact them. As for tools like OWASP and SonarQube, it is better if these tests are done by a third party and not the devs themselves.
Wondering why their contact form is limited to only 250 characters?
Sorry, but I dropped this for now.
Thanks for all the help received in this question; I approached one company from all the suggestions received.
Probably, we will finalize the deal.
Also received replies on freelancing sites, but they are not professionals (mostly individuals without much information on either testing or source code review).
 