IOACTIVE CONTACT US
For more information about our services:

CALL TOLL FREE (866) 760-0222



IOACTIVE STATISTICS

Security investments made in creating secure coding practices will return 12-21% of overall project costs. Security investment made during the design phase will yield organizations a 21% ROI. If security is not incorporated until the implementation phase, organizations will benefit from a 15% ROI. If organizations have phased security into their test cycle, they will see a 12% ROI of total project costs. - Study conducted by Kevin Soo Hoo MIT, Andrew W. Sudbury, Andrew Jaquith





APPLICATION CODE REVIEW

IOActive manually audits client source code to identify vulnerabilities. We then provide detailed documentation of the location and nature of each problem we find, and advise developers on how to address the immediate problem and avoid similar problems in the future.

Because software development is evolutionary and iterative, IOActive recommends that the code audit function reflect the structure of the development process and include audit checkpoints for each of the major product stages (e.g., alpha, beta, release-candidate, etc.). In addition to source code review, IOActive examines vulnerable points in design (such as legacy interoperability) for design flaws that may result in a security compromise.

IOActive works with client development teams to help them ensure that their products are demonstrably hardened against attack, designed and built based on relevant analysis of risks, threats, and exposures, and appropriately tested to meet their defined security criteria and functionality requirements.

IOActive consultants have years of code auditing experience, and routinely assist organizations with highly complex and advanced application security challenges.

• Application Code Review {C/C++, .NET, JEE, Delphi, ASM, Perl}
• Web Application Code Review {ASP.NET, C#, JEE, PHP}
• Black Box Application Pen-Test
• Product Evaluation and Recommendation {white/black}
• Reverse Engineering Software and Protocols
• DRM Testing
• Fuzz Testing // Application and Protocol
• M&A due diligence