A security audit of source code is a structural (white-box) examination of the software aimed at detecting vulnerabilities introduced at the implementation stage. Access to the source code of the programs and to their specifications is a precondition for carrying out a code security audit.

In general, a code security audit is an iterative process that includes planning, carrying out the analysis, and producing recommendations for reworking the program and its documentation.

It is the most effective method of assessing software security: it uncovers most of the problems, weaknesses and vulnerabilities in a program and has broader coverage than a penetration test, because the auditor has access both to the complete application and to its source code. In a secure development lifecycle (SDL) a code audit should be a mandatory practice during development and before the software is released.


A source code security audit makes it possible:

  • to identify vulnerabilities and security weaknesses in the application architecture;
  • to detect the use of known-vulnerable components from third-party libraries;
  • to detect backdoors left by developers, whether deliberately or accidentally;
  • to check the code's compliance with the coding standards of the platform or programming language.
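As an added illustration (example code written for this page, not tooling from the original text), two of the checks listed above that only source access makes possible: matching pinned third-party dependency versions against an advisory list, and walking the program's syntax tree for hard-coded credential comparisons, a common form of accidental or deliberate backdoor. The advisory table, the requirements file and the application snippet are all constructed for the example; the advisory identifiers and version ranges are hypothetical, not real CVE data.

```python
"""Illustrative source-code audit checks (added example, not the page's own tooling).

Two checks a code security audit performs that a penetration test cannot,
because they need the source:
  1. known-vulnerable third-party components, found by matching pinned
     dependency versions against an advisory list;
  2. hard-coded credential comparisons (a typical backdoor), found by
     walking the Python AST.
All inputs are constructed; the advisory data is hypothetical.
"""
import ast
import re

# Constructed advisory table: package -> (first fixed version, advisory id).
# Hypothetical entries for illustration only.
ADVISORIES = {
    "examplelib": ("2.4.0", "EXAMPLE-ADV-001"),
    "fakeparser": ("1.1.3", "EXAMPLE-ADV-002"),
}

# Identifiers whose comparison against a string literal is suspicious.
CREDENTIAL_NAMES = {"password", "passwd", "pwd", "token", "secret", "api_key"}


def _version_tuple(version):
    """'2.3.1' -> (2, 3, 1) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def find_vulnerable_dependencies(requirements_text):
    """Return [(package, pinned_version, advisory_id)] for pins below the fix."""
    findings = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments / blanks
        match = re.match(r"^([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)$", line)
        if not match:
            continue                                  # only exact pins are checked here
        name, pinned = match.group(1).lower(), match.group(2)
        if name in ADVISORIES:
            fixed, advisory = ADVISORIES[name]
            if _version_tuple(pinned) < _version_tuple(fixed):
                findings.append((name, pinned, advisory))
    return findings


def find_hardcoded_credential_checks(source):
    """Return line numbers where a credential-named value is compared to a string literal."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left] + node.comparators
        names = [n.id.lower() for n in operands if isinstance(n, ast.Name)]
        attrs = [n.attr.lower() for n in operands if isinstance(n, ast.Attribute)]
        has_literal = any(isinstance(n, ast.Constant) and isinstance(n.value, str)
                          for n in operands)
        if has_literal and any(x in CREDENTIAL_NAMES for x in names + attrs):
            hits.add(node.lineno)
    return sorted(hits)


# Constructed requirements file: one pin is below the (hypothetical) fixed version.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
examplelib==2.3.1
fakeparser==1.2.0
safething==0.9.0
"""

# Constructed application code containing an undocumented login bypass.
SAMPLE_SOURCE = '''\
# constructed application code
def login(user, password):
    if user == "support" and password == "letmein2019":  # undocumented bypass
        return True
    return check_db(user, password)
'''


def run_audit(requirements_text=SAMPLE_REQUIREMENTS, source=SAMPLE_SOURCE):
    """Run both checks and return their findings as one report."""
    return {
        "vulnerable_dependencies": find_vulnerable_dependencies(requirements_text),
        "hardcoded_credential_lines": find_hardcoded_credential_checks(source),
    }


if __name__ == "__main__":
    for key, value in run_audit().items():
        print(f"{key}: {value}")
```

The dependency check deliberately handles only exact `==` pins; ranges and transitive dependencies need a resolved lock file, which is why auditors ask for the full build environment and not just the source tree. The AST check is a starting point for manual review, not a verdict: a match on a test fixture is noise, while a match inside an authentication path, as in the constructed sample, is exactly the kind of finding the audit exists to surface.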