Our code-audit services help investors manage quality and security risks associated with investing in a software company.
A software code audit is a comprehensive analysis of the source code in a programming project, carried out to check quality and to discover bugs, potential security breaches or violations of programming conventions.
If you are investing in a software company or buying software IP, you will want to know whether the code is of a good standard, is maintainable and is secure. We will help you to:
We can help determine the quality of the source code, which can be helpful in determining the value of the software product(s) in question.
We'll audit the code and produce a report detailing our general impressions, annotation and code quality. The reliability, vulnerabilities, maintainability and coverage will also be reviewed.
As part of our reporting, we will deliver recommendations for the next 100 days post-transaction, which can help improve the process and delivery of the software.
Acquiring or investing in a software company can be risky. Our security researchers can review your source code to make sure there are no security flaws that would let a user of the software or website gain access to areas they should not reach or to restricted databases, or include their own code on the website. However, the actual purpose of code auditing is to check whether any functions or techniques are vulnerable. For example, the C/C++ functions strcpy() and strcat() can be vulnerable to buffer overflow, or web apps can allow XSS or SQL injection, along with many other potential risks, including any client/server messaging.
Our web/app pen test can pick up any problems with web-facing applications, but a code audit is more in-depth and can pick up potential issues which may not currently be visible to the front-end user.
We have delivered code audits in the following languages:
C#, C++, PHP, .NET, Python, Java, JavaScript, SQL, Ruby on Rails, iOS/Swift, Visual Basic.