Source Code Review

What is Source Code Review?

Source code review, also known as security code review, is the process of auditing the source code of an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.

Some vulnerabilities may not be uncovered during penetration testing; security code review is the best avenue to uncover them. Some of these application vulnerabilities may be introduced by the application developer either knowingly or unknowingly, such as application “Easter Eggs”, Logic Bombs and even Backdoors.


At LGMS, all security code reviews are professionally done through a combination of human effort and technology support.
We place heavy emphasis on the qualifications of the code reviewer. All of our code reviewers have an application development background, and each specializes in different programming languages.

LGMS always believes that human reviewers are necessary to cover the significant blind spots that automated tools simply cannot check.

All security code review reports meet 100% of the compliance requirements of PCI DSS, the Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines, and the Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide.

Special Security Assurance

LGMS has established an official affiliation with TÜV Nord Malaysia to introduce the Secured Software Assurance program.
Beginning August 2016, LGMS clients will have the option to obtain third-party security assurance on the source code review results completed by LGMS. A special certificate issued by TÜV Nord will be presented to LGMS clients once their source code is free from any security vulnerabilities.

Source: MIS-Asia (September 6, 2016)

Photo - LGMS executive director and senior IT security consultant Fong Choong Fook (left) after sealing the partnership with TÜV Nord Malaysia general manager Bill Kong, in collaboration on the Source Code Review project.

About TÜV Nord

Founded in 1869 and headquartered in Hanover, Germany, inspections, certification and testing organisation TÜV NORD Group provides a broad range of advisory, service, and testing services in the mobility, industrial services, international, natural resources and training and human resources fields.

What Programming Languages Expertise Do We Have?

As of January 2016, we have reviewed more than 10,500,000,000 lines of code and the number is still growing. LGMS security code reviewers are well versed in the following programming languages:

  • Java
  • C#
  • C/C++
  • VB.NET
  • VB6
  • VB5
  • Visual C
  • JavaScript and commonly used frameworks
  • Node.JS and commonly used frameworks
  • VBScript
  • PHP
  • Perl
  • ASP
  • ASPX
  • Apex and VisualForce
  • Ruby
  • HTML5
  • Python
  • Scala
  • Groovy
  • Android (Java)
  • Objective C
  • Swift
  • PhoneGap and commonly used frameworks

A general rule of thumb is that a penetration test should not discover any additional application vulnerabilities relating to the developed code after the application has undergone a proper security code review.

Contact Us

LGMS / LE Global Services Sdn. Bhd. (700472-M)
LGMS @ Asia Cybersecurity Exchange
A-11-01, Empire Office Tower,
Jalan SS16/1, Subang Jaya,
47500, Selangor, MALAYSIA
Tel: +603 - 8605 0155
Fax: +603 - 8605 0154