Code Review

Manual Code Review

I read your code line by line, focusing on the areas where security bugs actually live: authentication and session handling, authorisation checks, input validation and output encoding, cryptographic usage, and data exposure through logging or error messages. The review covers security anti-patterns specific to your language and framework — not generic advice that could apply to any codebase.

Secure Development Guidance

Beyond finding bugs, I help your team write more secure code going forward. This means integrating security checks into your development workflow, recommending framework-level protections, and coaching developers on common pitfalls in your stack. The goal is fewer findings in the next review, not a recurring dependency on external reviewers.

SAST Integration

I help set up and tune Static Application Security Testing tools in your CI/CD pipeline. This includes selecting the right tool for your stack, writing custom rules for your codebase, and — critically — managing false positives so your team doesn't learn to ignore the alerts. A SAST tool that produces noise is worse than no tool at all.

Remediation Support

After the review, I stick around to help fix what was found. This includes verifying that patches actually resolve the issue, suggesting implementation approaches for non-trivial fixes, and re-reviewing changed code. You get a final confirmation that the findings are resolved, not just a report and a handoff.