A software code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions. It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released. C and C++ source code is the most common code to be audited since many higher-level languages, such as Python, have fewer potentially vulnerable functions (e.g., functions that do not check bounds).
Contents |
When auditing software, every critical component should be audited separately and together with the entire program. It is a good idea to search for high-risk vulnerabilities first and work down to low-risk vulnerabilities. Vulnerabilities in between high-risk and low-risk generally exist depending on the situation and how the source code in question is being used. Application penetration testing tries to identify vulnerabilities in software by launching as many known attack techniques as possible on likely access points in an attempt to bring down the application.[1] This is a common auditing method and can be used to find out if any specific vulnerabilities exist, but not where they are in the source code.
Some common high-risk vulnerabilities may exist due to the use of:
if ((bytesread = net_read(buf,len)) > 0) buf += bytesread;
[2]statement := "SELECT * FROM users WHERE name = '" + userName + "';"
is an example of a SQL injection vulnerabilityinclude($page . '.php');
is an example of a Remote File Inclusion vulnerabilityThe following is a list of low-risk vulnerabilities that should be found when auditing code, but do not produce a high risk situation.
Source code auditing tools generally look for common vulnerabilities and only work for specific programming languages. Such automated tools could be used to save time, but should not be relied on for an in-depth audit. Applying such tools as part of a policy-based approach is recommended.[3]