Applications on smart cards and embedded devices should follow specific design rules in order to maximise defense against other malicious applications or system attacks. Further, an application should implement its own defenses against side channel attacks in order to complement the security measures taken at lower level of the chip that it is running on (e.g. see this paper for examples).

Riscure performs application source code reviews that include a verification of security design rules, a review for implementation mistakes and an inspection for potential malicious code.