We are having a new site developed by outsourced programmers and would like to have the code reviewed for any “security” issues before going live.
What is the best way to do this?
Best way is to talk to real specialists (web security experts). DIY in the solution especially if your outsourced programmers lack ethical hacker skills.
Let me know if you are interested.
I guess for better results you should get it done from White Box Testers
There are plenty of security consultants/firms that will do code audits.
I can’t recommend any, but perhaps if you ask around your tech and web savvy friends. You can search for them too, but then you have to figure out whether they are good at what they do.
check out sans.org they have lots of really great info on this issue.
Application Security Procurement Language
http://www.sans.org/appseccontract/
The whitepapers are excellent.
If just looking for a 3rd party vendor
http://www.sans.org/security-resources/vendor_directory/
Hire a web security expert or try attacks using software such as acunetix.