August 2000
800 pages
I have mentioned auditing earlier in this chapter. An audit is an actual human trace through the code, looking for problems. Usually audits are done for security, but this doesn't always have to be the case.
Auditing can be a part of the testing process, but I recommend that you consider a security audit to be a completely separate portion of your development cycle.
Someone other than the original author should probably perform a security audit. In large development houses, there can be a separate group that serves this specific purpose.
Security code auditing, like the audits done by the IRS, should be very involved and should attempt to cover all of the material. An audit process can help an auditor systematically ...