Code audit
A software code audit is a comprehensive analysis of the source code of a programming project with the intent of discovering bugs, security vulnerabilities, or violations of programming conventions. It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released. C and C++ source code is the most commonly audited code, since many higher-level languages, such as Python, have fewer potentially vulnerable functions (e.g., functions that do not check bounds).
Guidelines
High-risk vulnerabilities
Low-risk vulnerabilities
Tools
Source code auditing tools generally look for common vulnerabilities and are typically specific to one programming language. Such automated tools can be used to save time, but should not be relied on for an in-depth audit. Applying such tools as part of a policy-based approach is recommended.[1]
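As an added illustration of what such a tool does (this is example code written for this article, not any real auditing tool), the following Python script scans a constructed C snippet for calls to library functions that do not check bounds, which is the kind of "common vulnerability" pattern that automated tools look for. The function names in the UNSAFE table are real C library functions; the sample source, the Finding type and the advice strings are constructed for the example.

```python
"""Minimal pattern-based audit of C source for bounds-unchecked library calls."""
import re
from typing import List, NamedTuple

# C library functions that write without a length bound, mapped to the
# remediation a reviewer would suggest (advice text is constructed here).
UNSAFE = {
    "gets": "unbounded read into a buffer; use fgets(buf, sizeof buf, stdin)",
    "strcpy": "copies until NUL with no size check; use snprintf or strlcpy",
    "strcat": "appends with no size check; use strlcat or a bounded copy",
    "sprintf": "formats with no size check; use snprintf with sizeof buf",
}
CALL_RE = re.compile(r"\b(" + "|".join(UNSAFE) + r")\s*\(")
LINE_COMMENT_RE = re.compile(r"//.*$")
BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/")


class Finding(NamedTuple):
    line: int      # 1-based line number in the scanned source
    func: str      # offending function name
    code: str      # the source line, for the report
    advice: str    # remediation hint from UNSAFE


def strip_comments(line: str) -> str:
    """Drop single-line comments so a function name mentioned in a comment
    is not reported (block comments spanning lines are not handled)."""
    return LINE_COMMENT_RE.sub("", BLOCK_COMMENT_RE.sub("", line))


def audit_c_source(src: str) -> List[Finding]:
    """Return one Finding per bounds-unchecked call, in source order."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(src.splitlines(), start=1):
        for m in CALL_RE.finditer(strip_comments(raw)):
            func = m.group(1)
            findings.append(Finding(lineno, func, raw.strip(), UNSAFE[func]))
    return findings


def format_report(findings: List[Finding]) -> str:
    if not findings:
        return "no bounds-unchecked calls found"
    return "\n".join(
        f"line {f.line}: {f.func}() - {f.advice}\n    {f.code}" for f in findings
    )


# Constructed C source: one function with an unchecked copy beside its
# bounded rewrite. Only line 7 (the strcpy call) should be reported.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>

/* Vulnerable: strcpy copies until NUL, never checking buf's size. */
void greet_unsafe(const char *name) {
    char buf[16];
    strcpy(buf, name);
    printf("hello %s\\n", buf);
}

/* Hardened: snprintf is bounded by sizeof buf and always NUL-terminates. */
void greet_safe(const char *name) {
    char buf[16];
    snprintf(buf, sizeof buf, "%s", name); // replaced strcpy, see above
    printf("hello %s\\n", buf);
}
"""

if __name__ == "__main__":
    print(format_report(audit_c_source(SAMPLE_C)))
```

Running the script reports the `strcpy` call on line 7 of the sample and stays silent on the `snprintf` rewrite and on the comments that mention `strcpy`. The example also shows why such tools are a time-saver rather than a substitute for a manual audit: a name match cannot tell whether a bounded call like `snprintf` or `memcpy` was given the correct length, and it knows nothing about logic errors, so findings need review and the absence of findings proves little.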
See also
- Information technology audit
- Defensive programming
- Remote File Inclusion
- SQL injection
- Buffer overflow
- List of tools for static code analysis
References
- "Static analysis at the end of the SDLC doesn't work", Wayne Ariola, SearchSoftwareQuality.com, September 22, 2008.