by chrisrohlf 4404 days ago
This depends on a couple of different things, the most important of which is "at what stage of development is the application?" (i.e. how mature and well tested is this code). Software Development Life Cycle (SDLC) processes are great when followed from the start. When they are applied long after the first 100k+ lines of code are written then it's harder. A typical code audit for us (I do this professionally at http://leafsr.com) involves some threat modeling, attack surface enumeration, manual data-flow and taint analysis ("where does untrusted data come into this application and how is it handled") and finally just reading the code. Timing and scope will heavily influence how deep you can go. 1 week on OpenSSH will probably get you nothing, 6 weeks on OpenSSL will definitely get you something.

(edit: expanded on what is most important)
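An added illustration of the taint-analysis step the comment describes (not part of the comment or of leafsr's tooling): a minimal forward taint tracker over an invented straight-line IR that reports every sink reached by untrusted input that no sanitizer touched. The statement names, the `Finding` type and the sample program are all assumptions made for this example.

```python
"""Minimal forward taint analysis over a tiny straight-line IR.
Added example; the IR and statement names are invented for illustration.
"""
from dataclasses import dataclass

@dataclass
class Finding:
    sink: str
    var: str
    path: list  # variable chain from the untrusted source to the sink

def analyze(program):
    """program: list of tuples.
    ('source', dst)         untrusted input lands in dst
    ('assign', dst, srcs)   dst computed from the variables in srcs
    ('sanitize', dst, src)  dst is a validated/escaped copy of src
    ('sink', name, var)     var reaches a dangerous operation
    Returns a Finding for every sink fed by unsanitized untrusted data."""
    taint = {}  # var -> chain of variable names back to the source
    findings = []
    for stmt in program:
        kind = stmt[0]
        if kind == "source":
            taint[stmt[1]] = [stmt[1]]
        elif kind == "assign":
            dst, srcs = stmt[1], stmt[2]
            tainted = [s for s in srcs if s in taint]
            if tainted:
                taint[dst] = taint[tainted[0]] + [dst]
            else:
                taint.pop(dst, None)  # overwritten with clean data
        elif kind == "sanitize":
            taint.pop(stmt[1], None)  # sanitizer output is trusted
        elif kind == "sink":
            name, var = stmt[1], stmt[2]
            if var in taint:
                findings.append(Finding(name, var, taint[var]))
    return findings

# Constructed sample: one flow is sanitized before its sink, one is not.
SAMPLE = [
    ("source", "req_path"),
    ("assign", "full", ["base_dir", "req_path"]),
    ("sanitize", "clean", "req_path"),
    ("assign", "safe_full", ["base_dir", "clean"]),
    ("sink", "open", "safe_full"),
    ("sink", "open", "full"),
]
```

Running `analyze(SAMPLE)` reports only the `open` sink fed by `full`, with the path `req_path -> full`; the `safe_full` flow is cleared by the sanitizer. A real audit does the same bookkeeping by hand across functions, files and framework boundaries, which is where the time budget the comment mentions goes.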