Source code audits
What is source code auditing?
Source code audits assess the security level of one or more components of an information system. Reviewing the source code is therefore a crucial step in identifying the implementations targeted by the analysis and assessing their conformity.
- Use of consistent naming conventions, so that a programmer readily understands the role of each function and parameter (maintenance and maintainability)
- Level of information opacity (no disclosure of sensitive information)
- Ease of use (control over the sequencing of operations)
- A sampling phase to identify the sensitive points of the application and guide the security analysis, based in part on the architecture analysis.
- A security analysis that draws on the auditor’s expertise to identify deviations from programming best practices and vulnerabilities, as part of the overall audit.
- Manually analyze the code of the functions identified as critical, and give our informed opinion on the security of each function as implemented
- Analyze the relevant results from automated tools to determine whether they have an impact on security or are the result of programming errors
- C / C++