
Bishop Fox Secure Code Review Methodology

Overview of Bishop Fox’s methodology for Secure Code Review.


Learn the Bishop Fox approach to Secure Code Review.

Bishop Fox’s Secure Code Review methodology identifies code-level vulnerabilities by combining automated and manual testing techniques. 

Assessments begin with an architecture review, a detailed analysis of the application's underlying construction. Next, the assessment team analyzes the software composition to inventory the open-source components and flag potential issues. The team then performs static code analysis by executing an automated review against all customer-developed codebases. Finally, the team manually validates the automated findings to confirm the automated results and identifies issues within critical functionality, including security-related components. The methodology outlined in this document provides a detailed look at the step-by-step process and the delineation of responsibilities.

The methodology provides an overview of the following Secure Code Review phases:

  • Pre-assessment
  • Comprehensive manual code review
  • Analysis & Reporting
