SpiderLabs Team Overview

SpiderLabs® is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services.

Made up of some of the top information security professionals in the world, the team has career experience ranging from Corporate Information Security to Security Research to Military Cyber Intelligence teams. Members of SpiderLabs frequently speak at security conferences around the world, including Black Hat, DEF CON, OWASP, and SANS.

Code Review Overview

During application code reviews, our specialists work with your internal developers to improve the development process and deliver a more secure product. Trustwave conducts detailed inspections of application source code and assesses the vulnerability of the tools and commercial applications used to create and run the front and back-end services. Trustwave has extensive experience reviewing applications developed in a variety of environments.

Code Review Environments

• ASP, VB .NET, C#, AJAX
• PHP, Ruby, Python, Perl
• Flex , AMF, BlazeDS
• Java, C/C++,
• Fortran, COBOL

Trustwave's analysis will evaluate the source code of your application for vulnerabilities including but not limited to:

• Improper Buffer Checking
• Dynamic Content Creation Issues
• Unintended Operation
• Secure Code Signing
• Input Validation (SQL injection, Command Re-direction, Insecure Automatic Data Inclusion)
• Improper Cryptography
• Unexpected Failure Conditions

The code review culminates in an exhaustive report that details specific areas of application code that need repair in order to maintain a secure system. Trustwave's manual review ensures that your developers receive actionable, prescriptive information specific to your application rather than generic information provided by automated tools.

Trustwave SpiderLabs is a member and active contributor to OWASP. The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.