Software security assessment (3)

Software security assessment, or code auditing, is an effective form of vulnerability analysis when the source code is available. Briefly, code auditing means inspecting a program's inputs and looking for vulnerabilities. Code auditing may seem overwhelming at first glance, but there is a methodology that can help you sort out your steps. Although there are source code analyzer tools that automate this job, from my experience they cannot be a full replacement for human code auditing, especially for identifying design or architecture vulnerabilities. In this category I am going to talk about the areas where a code auditor should look for vulnerabilities and introduce the processes and steps required for code auditing. The methods and processes introduced in this category are mainly adopted from those in the book “The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities”.

For software security assessment you need to be familiar with the methodology, tools, and code auditing strategies.

Latest Articles

Vulnerability analysis

Friday, 17 April 2015 00:00 Written by
Vulnerability analysis of source code is a daunting task, especially if it is your first time! There are thousands of questions in your mind: Where should I begin my vulnerability analysis? What should I look for? Should I go deep and jump from one function to the…

Threat modeling

Monday, 13 April 2015 00:00 Written by
Where to look for vulnerabilities? The main focus in threat modeling is the inputs and data flow in the system. A code auditor should identify all the inputs and the paths originating from them. Sometimes a vulnerable method cannot be reached by the normal path the developer assumed but…
