
Source code review

A traditional vulnerability assessment or penetration testing engagement is conducted with very little or no knowledge of the infrastructure being tested. Because all testing engagements have a finite time period in which to complete the various actions, it is possible that some vulnerabilities will remain undiscovered. This is especially true in complex web application environments, where certain web functions and API calls may be hidden and missed by discovery tools.

For this reason, NGTS offers a source code review service that examines the internal structure and source code of a web application. Depending on the individual requirements of the engagement, this will sometimes include building the infrastructure in a lab environment to conduct debugging of the source code.

At the completion of a source code review, a comprehensive report will be produced that details any vulnerabilities that were discovered and the level of access that was gained by exploiting each one. The report will contain proof of concept scripts to demonstrate the exploitation of each discovered vulnerability, along with recommendations to remove it. NGTS will also provide a technical walk-through of the report to enable on-site IT security personnel to fully understand the vulnerabilities and risks discovered.
