
Code Quality Audit

Manage quality and security risks associated with investing in a software company

What is a code audit & why get one?

A software code audit is a comprehensive analysis of source code in a programming project with the intent of checking for quality, discovering bugs, potential security breaches or violations of programming conventions.

If you are investing in a software company or buying software IP, you will want to know whether the code is of a good standard, maintainable and secure.


We will help you to:

Understand the Code

Understand how the code has been written and to what standard

Locate Issues

Locate any existing and potential bugs, security issues, and vulnerabilities

Validate the Code

Validate the current performance and scalability

Review Maintainability

Assess the code maintainability level

What we do

We can help determine the quality of the source code, which can be helpful in determining the value of the software product(s) in question. We'll audit the code and produce a report detailing our general impressions, annotation and code quality. The reliability, vulnerabilities, maintainability and test coverage will also be reviewed.

As part of our reporting we will deliver recommendations for the next 100 days post-transaction, which can help improve the process and delivery of the software.

How we do it

OWASP code audit

We can produce a detailed code audit report fit for the CTO or head of development that will highlight areas of concern and rank them using the DREAD risk assessment model.

DREAD risk assessment model

DREAD is part of a system for risk-assessing computer security threats. It provides a mnemonic for risk rating security threats using five categories.
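The five DREAD categories are Damage, Reproducibility, Exploitability, Affected users and Discoverability, each rated on a scale (commonly 0 to 10) and summed so that findings can be ranked worst-first. The following C program is an added illustration of that ranking, not code from the original page or from the audit service it describes; the struct layout, function names and the sample findings are this example's own assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One DREAD finding. Each category is rated on the common 0-10 scale:
 *   Damage, Reproducibility, Exploitability, Affected users, Discoverability.
 * The field names and struct layout are this example's own choice. */
struct dread_finding {
    const char *name;
    int damage;
    int reproducibility;
    int exploitability;
    int affected_users;
    int discoverability;
};

/* Clamp a single rating into the 0-10 scale so a typo in the report
 * cannot push a finding above the maximum or below zero. */
static int clamp_rating(int v)
{
    return v < 0 ? 0 : (v > 10 ? 10 : v);
}

/* Total DREAD score: the sum of the five ratings (0-50). */
int dread_score(const struct dread_finding *f)
{
    return clamp_rating(f->damage) + clamp_rating(f->reproducibility)
         + clamp_rating(f->exploitability) + clamp_rating(f->affected_users)
         + clamp_rating(f->discoverability);
}

/* qsort comparator: highest score first, name as a deterministic tie-break. */
static int by_score_desc(const void *a, const void *b)
{
    const struct dread_finding *fa = a, *fb = b;
    int sa = dread_score(fa), sb = dread_score(fb);
    if (sa != sb)
        return sb - sa;
    return strcmp(fa->name, fb->name);
}

/* Rank findings in place so the report lists the worst first. */
void dread_rank(struct dread_finding *findings, size_t n)
{
    qsort(findings, n, sizeof *findings, by_score_desc);
}

int main(void)
{
    /* constructed findings of the kind an audit report might contain */
    struct dread_finding findings[] = {
        { "SQL injection in login form",          9, 10, 8, 10, 9 },
        { "Verbose stack trace on error page",    3, 10, 2,  5, 8 },
        { "strcpy() into fixed buffer in parser", 8,  6, 5,  7, 4 },
    };
    size_t n = sizeof findings / sizeof findings[0];

    dread_rank(findings, n);
    for (size_t i = 0; i < n; i++)
        printf("%2d/50  %s\n", dread_score(&findings[i]), findings[i].name);
    return 0;
}
```

The clamp is deliberate: DREAD totals are only comparable across a report if every category stays on the same scale, so out-of-range ratings are corrected rather than silently inflating a finding's rank.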

Security

Acquiring or investing in a software company can be risky. Our security researchers will review your source code to make sure there are no security flaws that would let a user of the software or website gain access to areas they should not, such as restricted databases, or allow them to inject their own code into the website. More precisely, the purpose of a code audit is to check whether any functions or techniques used in the code are vulnerable. For example, the C/C++ functions strcpy() and strcat() can be vulnerable to buffer overflow, and web apps can allow XSS or SQL injection, along with many other potential risks including any client/server messaging. Our web/app pen test can pick up problems with web-facing applications, but a code audit is more in-depth and can find potential issues that are not currently visible to the front-end user. See the service section below for more detail on pen tests and secure code audits.
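To show what an auditor flags in the strcpy() case and what the fix looks like, here is an added C example (not code from the original page or from the audit service): an unbounded copy into a fixed-size buffer beside a bounded replacement that always terminates the string and reports truncation. The buffer size, function names and sample inputs are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size destination used by both copies. Constructed example. */
#define NAME_LEN 16

/* The pattern a code audit flags: strcpy() does not know how large `dst` is,
 * so any input of NAME_LEN bytes or more writes past the end of the buffer.
 * It is kept here only to show what the audit looks for; it is never called
 * with input that would overflow. */
void unsafe_copy_name(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);  /* no bound: classic buffer overflow sink */
}

/* Hardened replacement: the destination size is passed explicitly,
 * the copy is always NUL-terminated, and the caller learns whether the
 * input was truncated instead of silently losing data.
 * Returns 0 on a complete copy, -1 if src did not fit (dst is still valid). */
int bounded_copy_name(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || dst_len == 0 || src == NULL)
        return -1;
    size_t src_len = strlen(src);
    if (src_len >= dst_len) {
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return -1;  /* truncated */
    }
    memcpy(dst, src, src_len + 1);  /* includes the terminator */
    return 0;
}

int main(void)
{
    char name[NAME_LEN];
    /* constructed inputs: one that fits, one longer than the buffer */
    const char *short_input = "alice";
    const char *long_input = "this-name-is-far-longer-than-sixteen-bytes";

    unsafe_copy_name(name, short_input);  /* fine only because the input is short */
    printf("unsafe copy of short input: %s\n", name);

    int rc = bounded_copy_name(name, sizeof name, long_input);
    printf("bounded copy rc=%d, stored=\"%s\" (%zu bytes)\n", rc, name, strlen(name));
    return 0;
}
```

The return value matters as much as the bound: a copy that silently truncates can still cause logic bugs downstream, so the audit recommendation is usually to bound the copy and to check the result at every call site.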

Languages

We have delivered code audits in the following languages: C#, C++, PHP, .NET, Python, Java, JavaScript, SQL, Ruby on Rails, iOS/Swift and Visual Basic.

Experience & Insurance

We have delivered projects from £1m to £300m and have suitable PI insurance for larger transactions.