Code Audit_Aladdin

User revenue

The quickest and most effective way to ensure code quality is through code auditing

Identify potential safety hazards

Code auditing can inspect all source code of the entire information system, starting from the entire set of source code to a specific threat point and verifying it, in order to identify security vulnerabilities in the overall system.
Enhance safety awareness

Any hidden danger in code audit services may cause the effect of "a thousand mile dike collapsing in an ant nest". Therefore, code audit services can effectively urge management personnel to eliminate any small defects, thereby reducing overall risk.
Improve the security skills of developers

The interaction between code audit service personnel and user developers can enhance the skills of developers. In addition, through professional code audit reports, we can provide security solutions for user developers and improve code security development standards.

The necessity of code auditing

The code audit service has a code coverage rate of 100%

In the risk assessment process, code auditing is a good supplement to general vulnerability assessment. The code audit service has a code coverage rate of 100% and can identify security vulnerabilities that cannot be discovered by security testing. Targeted vulnerability assessment methods are stronger and more detailed than

Aladdin's Principles for Providing Code Audit Services:

★ Confidentiality principle
★ Normative principle

Audit process

Strictly implement the closed-loop process of

Planning preparation stage

Test requirement analysis

Development of testing plan

Test plan review

Test implementation phase

Environment deployment

Source code debugging

Source code scanning

Manual audit

Repair suggestions organized

Test report submission

Regression testing phase

regression testing

Submit retest report

Communication Report

Results submission stage

regression testing

Audit content

Code checking is the most commonly used technique in code auditing work

Source code design

▪ Unsafe domain
▪ Unsafe methods
▪ Unsafe class modifiers
▪ Unused external references
▪ Unused code

Improper handling of errors

▪ Program exception handling
▪ Return value usage
▪ Empty pointer
▪ Log recording

Direct Object Reference

▪ Directly referencing data from the database
▪ Directly referencing the file system
▪ Directly referencing memory space

Resource abuse

▪ Creating, modifying, and deleting unsafe files
▪ Competitive conflict
▪ Memory leakage

Source code design

▪ Unsafe domain
▪ Unsafe methods
▪ Unsafe class modifiers
▪ Unused external references
▪ Unused code

Improper handling of errors

▪ Program exception handling
▪ Return value usage
▪ Empty pointer
▪ Log recording

Direct Object Reference

▪ Directly referencing data from the database
▪ Directly referencing the file system
▪ Directly referencing memory space

Resource abuse

▪ Creating, modifying, and deleting unsafe files
▪ Competitive conflict
▪ Memory leakage

Business logic audit

Logical errors not only require manual detection, but also require the testing personnel to have an understanding of the business before detection. Therefore, before detection, testing personnel often construct a large amount of data for testing to learn the normal logic of the business, and further construct erroneous logical data that may cause business harm, in order to achieve the purpose of logical testing.

Deception password recovery function

Avoid transaction restrictions

Unauthorized defects

The issue of cookies and sessions

Sequential execution defect

Authorize to bypass vulnerabilities

Request replay vulnerability