Static and dynamic code audits

Static code auditing

Static code analysis is the process of evaluating software without executing it. It consists of finding parts of the code that may reduce performance, cause bugs in the software, complicate data flow, have excessive complexity or pose a security problem.

There are two types of static code analysis. On the one hand, there is the automatic analysis performed by a computer program on the code and, on the other hand, there is the manual analysis performed by an expert auditor.

The possibilities for code improvement do not stop here. There are other techniques that we can use to improve the source code of the application and, with it, the final product that users work with:

  • Tests: these are a series of processes that verify that the software meets the objectives and requirements for which it was created. Their mission is to find errors before the final software reaches its users.
  • Profiling: this involves analyzing the performance of the software while it is running, determining which resources are being used at any given moment by the different parts of the software. The objective is to identify which parts of the code impose a greater load on the system so that we can act accordingly.

Keep in mind that static code analysis does not allow us to know whether the software will do what is expected of it or not. We can analyze the source code and find out how to improve it, but we will not know if it does what it is supposed to do or something totally different and unexpected.

Dynamic code auditing

Dynamic code analysis is a type of software analysis that involves running the program and observing its behavior (as opposed to static analysis techniques that do not run the software).

As with static code analysis, the code can be analyzed automatically or manually. For dynamic analysis to be effective, the analyzed program must be run with enough test cases to produce interesting behavior. Various software testing strategies can be used to achieve this.
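
The contrast between the two audits, as an added example that is not part of the original page: a static pass over a constructed sample flags a risky call without running it, while only a dynamic run with enough test cases exposes a functional bug. The sample code, the function names and the test cases are all constructed for illustration.

```python
import ast

# Constructed sample under audit (hypothetical code, not from any real project).
SAMPLE = '''
def apply_discount(price, percent):
    # Functional bug: adds the discount instead of subtracting it.
    return price + price * percent / 100

def load_rule(expr):
    return eval(expr)  # security problem: evaluates caller-supplied text
'''

RISKY_CALLS = {"eval", "exec"}  # assumption: a minimal rule set for the demo


def static_audit(source):
    """Walk the syntax tree without executing anything; return (line, finding)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in RISKY_CALLS):
            findings.append((node.lineno, f"call to {node.func.id}()"))
    return sorted(findings)


def dynamic_audit(source, cases):
    """Run the sample and compare observed results with the expected ones."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)  # only defines functions
    failures = []
    for args, expected in cases:
        got = namespace["apply_discount"](*args)
        if got != expected:
            failures.append((args, expected, got))
    return failures


# A single test case is not enough: percent=0 hides the bug.
WEAK_CASES = [((100, 0), 100)]
BETTER_CASES = WEAK_CASES + [((100, 10), 90), ((50, 50), 25)]

if __name__ == "__main__":
    print("static          :", static_audit(SAMPLE))
    print("dynamic (weak)  :", dynamic_audit(SAMPLE, WEAK_CASES))
    print("dynamic (better):", dynamic_audit(SAMPLE, BETTER_CASES))
```

The static pass reports the `eval()` call but says nothing about the wrong discount, and the dynamic run with the weak case set reports no failures at all.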
