software security assessment (3)
Software security assessment, or code auditing, is an effective form of vulnerability analysis when the source code is available. Briefly, code auditing is the systematic inspection of a program's source code, tracing the data it accepts from the outside through the code in search of vulnerabilities. Code auditing may seem overwhelming at first glance, but there is a methodology that helps you organize your steps. Although source code analyzer tools automate part of this job, in my experience they cannot fully replace a human code auditor, especially when it comes to identifying design or architecture vulnerabilities: a tool matches patterns in the code, whereas an auditor reasons about trust boundaries and about what the code is supposed to do. In this category I am going to talk about the areas where a code auditor should look for vulnerabilities and introduce the process and steps required for code auditing. The methods and process introduced in this category are mainly adapted from those in the book "The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities".
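To make the point about design vulnerabilities concrete, here is an added example written for this post; it is not code from the book or from any real code base. It models a tiny funds-transfer API with a constructed ledger (the account names, the `Ledger` and `Account` classes and the two hypothetical entry points `api_transfer_vulnerable` and `api_transfer_fixed` are all assumptions made for the illustration). The vulnerable entry point contains no dangerous sink, so a naive sink-oriented scan of its source reports nothing, yet an auditor who asks "who is allowed to move money out of this account?" finds the flaw at once:

```python
"""Added illustration: a design-level authorization flaw that contains no dangerous
sink, so a pattern-matching scanner has nothing to flag, while an auditor who
traces who is allowed to do what finds it immediately.

Constructed example; the ledger, the account names and the entry-point names
(api_transfer_vulnerable / api_transfer_fixed) are all hypothetical.
"""
import inspect
import re
from dataclasses import dataclass, field


@dataclass
class Account:
    owner: str
    balance: int


@dataclass
class Ledger:
    accounts: dict = field(default_factory=dict)

    def transfer(self, src: str, dst: str, amount: int) -> None:
        # Plain bookkeeping: no SQL, no shell, no deserialisation, nothing a
        # sink-based scanner would match. The balance checks are correct on their own.
        if amount <= 0:
            raise ValueError("amount must be positive")
        if self.accounts[src].balance < amount:
            raise ValueError("insufficient funds")
        self.accounts[src].balance -= amount
        self.accounts[dst].balance += amount


def api_transfer_vulnerable(ledger: Ledger, caller: str, src: str, dst: str, amount: int) -> None:
    # Design flaw: the request is honoured for whatever `src` the client names;
    # the authenticated `caller` is never compared with the account owner.
    # Every statement here is well-formed; the bug is in the trust model, which
    # only becomes visible once you ask "who may move money out of `src`?".
    if src not in ledger.accounts or dst not in ledger.accounts:
        raise KeyError("unknown account")
    ledger.transfer(src, dst, amount)


def api_transfer_fixed(ledger: Ledger, caller: str, src: str, dst: str, amount: int) -> None:
    # Audit fix: bind the action to the authenticated principal before any
    # state changes.
    if src not in ledger.accounts or dst not in ledger.accounts:
        raise KeyError("unknown account")
    if ledger.accounts[src].owner != caller:
        raise PermissionError(f"{caller} does not own account {src}")
    ledger.transfer(src, dst, amount)


# What a naive sink-oriented scanner looks for. Real tools are far richer than
# this regex list, but the limitation is the same: they need a pattern to match.
SINK_PATTERNS = [
    r"\bos\.system\(", r"\bsubprocess\.", r"\beval\(", r"\bexec\(",
    r"\.execute\(", r"\bpickle\.loads\(", r"\byaml\.load\(",
]


def scanner_findings(func) -> list:
    """Return the (line, pattern) pairs a sink-based scan would report for func."""
    source = inspect.getsource(func)
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for pat in SINK_PATTERNS:
            if re.search(pat, line):
                hits.append((lineno, pat))
    return hits


def fresh_ledger() -> Ledger:
    # Constructed sample data: Alice holds 100, Mallory holds 0.
    return Ledger({"A": Account("alice", 100), "M": Account("mallory", 0)})


def demo() -> dict:
    """Mallory, authenticated as herself, asks to move 60 out of Alice's account."""
    outcome = {"scanner_hits": scanner_findings(api_transfer_vulnerable)}

    ledger = fresh_ledger()
    api_transfer_vulnerable(ledger, caller="mallory", src="A", dst="M", amount=60)
    outcome["vulnerable"] = (ledger.accounts["A"].balance, ledger.accounts["M"].balance)

    ledger = fresh_ledger()
    try:
        api_transfer_fixed(ledger, caller="mallory", src="A", dst="M", amount=60)
        outcome["fixed"] = "transfer went through"
    except PermissionError:
        outcome["fixed"] = (ledger.accounts["A"].balance, ledger.accounts["M"].balance)
    return outcome


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the scanner returning an empty finding list for the vulnerable function while Mallory walks away with 60 of Alice's funds; the fixed entry point rejects the same request and leaves both balances untouched. The point is not that scanners are useless (they are very good at finding the sinks this toy deliberately lacks) but that the question an auditor asks, "is this caller entitled to act on this object?", is not expressible as a pattern over source lines.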
For software security assessment you need to be familiar with the methodology, the tools, and the code auditing strategies.