A code review is useful when an organization is unsure of the current state of its software application(s) and would like to have them evaluated to determine factors that will impact current or future business decisions, such as:
Viability for extending or modifying functionality of the software
Reasonability for integration with other platforms or modern systems
Reviewing potential security or reliability risks
Scaling of the software to a broader user base
Ensuring maintainability - the ease, cost and risk associated with keeping software up-to-date
Identifying level of technical debt
What does it include?
The effort includes a review of the application architecture, technology stack and source code. Manual code inspection, exploratory testing and automated static analysis tools are used to evaluate application maturity and suitability for desired enhancements. Findings may include potential issues in the areas of code quality, security, maintainability, scalability and testing.
Key factors considered
We employ automated analysis tools and industry measures such as Cognitive Complexity, yielding method complexity scores that result in fairer relative assessments than have been previously available. Key factors considered include:
Maintainability and Extensibility
Code maintainability is a qualitative measurement of how easy it is to make changes, and the risks associated with such changes. The central theme of extensible applications is that developers should be able to add new features to code or change existing functionality without it affecting the entire system. Specific areas we look for are complexity, testability, readability and documentation to answer the question: Is it obvious and safe for a developer to make changes to the code?
Security
Here we check that the code meets current security standards and best practices for authentication, authorization, user roles, data validation and cryptography. In essence, are there vulnerabilities making it easy for a malicious user to circumvent or break the system?
Performance
Here we evaluate the user experience, runtime performance, database query and algorithmic complexity. We look to identify whether there are obvious areas for improving perceived user performance and experience.
What doesn’t it include?
Review of specific application functionality for intended use cases.
What will you get upon completion?
Upon completion, Envative will deliver a comprehensive review of findings to include:
Apparent security concerns including a list of potential vulnerabilities, missing information, security best practices and actionable recommendations.
Reasonable options for achieving intended goals.
Summary of the overall architecture and code structure findings.
General recommendations for improvement.
Issue/Goal-specific recommendations.
Future design considerations.
Key Takeaway
A code review engagement with Envative will result in an objective and well-informed understanding of a business’s Mobile App(s) code and its positioning for desired enhancements or other future business goals.