Viability for extending or modifying functionality of the software
Reasonability for integration with other platforms or modern systems
Reviewing potential security or reliability risks
Scaling of the software to a broader user base
Ensuring maintainability—the ease, cost and risk associated with keeping software up-to-date
Identifying the level of technical debt
What does it include?
Envative’s software application code review offering includes a review of the application architecture, technology stack and source code. Manual code inspection, exploratory testing and automated static analysis tools are used to evaluate application maturity and suitability for desired enhancements. Findings may include potential issues in the areas of code quality, security, maintainability, scalability and testing.
Key factors considered
We employ automated analysis tools and industry measures such as Cognitive Complexity, yielding method complexity scores that result in fairer relative assessments than were previously available. Key factors considered include:
Maintainability and Extensibility
Code maintainability is a qualitative measurement of how easy it is to make changes, and of the risks associated with such changes. The central theme of extensible applications is that developers should be able to add new features to code or change existing functionality without affecting the entire system. Specific areas we look at are complexity, testability, readability and documentation to answer the question: Is it obvious and safe for a developer to make changes to the code?
Security
Here we check that the code meets current security standards and best practices for authentication, authorization, user roles, data validation, and cryptography. In essence, are there vulnerabilities that make it easy for a malicious user to circumvent or break the system?
Performance
Here we evaluate the user experience, runtime performance, database query and algorithmic complexity. We look to identify whether there are obvious areas for improving perceived user performance and experience.
What doesn’t it include?
Review of specific application functionality for individual use cases.
What will you get upon completion?
Upon completion, Envative will deliver a comprehensive review of findings to include:
Apparent security concerns including a list of potential vulnerabilities, missing information, security best practices and actionable recommendations
Reasonable options for achieving intended goals
Summary of the overall architecture and code structure findings
General recommendations for improvement
Issue/goal-specific recommendations
Future design considerations
Key Takeaway
A code review engagement with Envative will result in an objective and well-informed understanding of the software that's running the business and its positioning for desired enhancements or other future business goals.