All software has an attack surface: important boundary where bugs may lie.
There are three main techniques used to find bugs in software: source code audits, reverse engineering, and fuzzing. Source code auditors scan code for programmer mistakes. Reverse engineers, working with only the compiled bytes of a program, reverse the internal operations in search of weaknesses. Fuzzing, involves executing and monitoring target applications while semi-valid data is delivered to the interfaces under test.
The appropriate method to utilize when auditing an application for robustness varies based on: audit time frame, source code availability, auditor experience, original programming language, and more.
Copyright VDA Labs, LLC. All rights reserved.