Source code audits
What is source code auditing?
A source code audit assesses the security level of one or more components of an information system. Reviewing the source is therefore a key step in identifying the implementations in scope of the analysis and checking their conformity with the specification.
The main objective is to evaluate the security of the code as written, in order to verify that good practice in specification and design has been followed:
- Use of consistent naming conventions, so that a programmer readily understands the role of each function and parameter (maintenance and maintainability)
- No disclosure of sensitive information (the code does not leak secrets or internal details to parties that should not see them)
- Controlled operation sequencing (the code enforces the intended order of operations rather than relying on callers to respect it)
The audit itself is organised in two phases:
- A sampling phase to identify the sensitive points of the application and guide the security analysis, based in part on the architecture analysis.
- A security analysis that draws on the auditor's expertise to identify deviations from programming best practice and vulnerabilities, as part of the overall audit.
Within the security analysis, the auditor's work consists of:
- Manual analysis of the functions identified as critical, yielding an informed opinion on the security of each function as actually implemented.
- Triage of the relevant findings reported by automated tools, to determine whether each one has a real security impact or only reflects a programming error without security consequence.
- C / C++
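As an added illustration of the manual triage of tool findings described above (example code written for this page, not taken from the original text or from any audited project), the constructed C snippet below shows two call sites that a static analysis tool would flag identically, why a reviewer rates them differently, and a hardened version of the unsafe one. The function names, `LABEL_MAX` and the sample inputs are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example for audit triage; names, buffer size and inputs are
 * assumptions for this illustration, not from the original page or any
 * real project. */

#define LABEL_MAX 16  /* size of the destination buffer, chosen for the example */

/* Finding 1: a tool flags every strcpy() as an "unbounded copy".
 * Manual review: the source is a compile-time constant shorter than the
 * destination, so there is no security impact. At most a code-quality note
 * (use a bounded copy so the code stays safe if the constant changes). */
static const char DEFAULT_LABEL[] = "default";

int set_default_label(char out[LABEL_MAX])
{
    strcpy(out, DEFAULT_LABEL);   /* flagged by the tool, bounded by the constant */
    return 0;
}

/* Finding 2: the very same pattern, but `name` arrives from an external
 * interface (network request, file, CLI). Manual review: the length is
 * attacker-controlled, so anything longer than LABEL_MAX-1 bytes overflows
 * `out` on the stack. This is a real vulnerability, not a style issue. */
int set_label_unsafe(char out[LABEL_MAX], const char *name)
{
    strcpy(out, name);            /* unbounded copy of untrusted input */
    return 0;
}

/* Hardened form of finding 2: measure at most LABEL_MAX bytes, reject input
 * that would not fit together with its terminator, then copy exactly what
 * was measured. Returns 0 on success, -1 if the input is too long. */
int set_label_checked(char out[LABEL_MAX], const char *name)
{
    size_t n = 0;
    while (n < LABEL_MAX && name[n] != '\0') {
        n++;                      /* bounded scan: never reads past LABEL_MAX */
    }
    if (n >= LABEL_MAX) {
        return -1;                /* reject rather than truncate silently */
    }
    memcpy(out, name, n + 1);     /* n bytes plus the NUL terminator */
    return 0;
}

int main(void)
{
    char label[LABEL_MAX];
    const char *untrusted = "this-label-is-far-too-long";  /* constructed input */

    set_default_label(label);
    printf("default label: %s\n", label);

    if (set_label_checked(label, untrusted) == -1) {
        printf("rejected over-long input (%zu bytes)\n", strlen(untrusted));
    }
    if (set_label_checked(label, "build-42") == 0) {
        printf("accepted label: %s\n", label);
    }
    /* set_label_unsafe(label, untrusted) is deliberately not called: it would
     * overwrite the stack. */
    return 0;
}
```

Both flagged lines look the same to the tool; what separates a code-quality remark from a vulnerability is the trust placed in the source operand and whether the call site is reachable with external input, which is exactly what the manual review of critical functions establishes.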