What are common techniques for conducting source code audits?
The most common code audit techniques include manual source code review, application penetration testing, and automated source code analysis. • Manual code review can identify vulnerabilities as well as functional flaws, but most companies do not have the skilled security resources or time available within the software lifecycle that a manual code review requires, and therefore many companies who decide to perform manual code reviews can only analyze a small portion of their applications. • Application penetration testing tries to identify vulnerabilities in software by launching as many known attack techniques as possible on likely access points in an attempt to bring down the application. • Automated source code analysis tools make the process of manual code review more efficient, affordable, and achievable. This technique of code audit results in significant reduction of analysis time, actionable metrics, significant cost savings, and can be integrated into all points of the develop
