Does this sound familiar? "Have vulnerabilities been introduced?", "Is this architecture scalable?", "Will the solution perform under load?", "Are we compliant?", "Are best practices being used?"… These are questions that more and more companies recognise they need to answer with absolute certainty. Poor software development and illegal software use can be extremely costly.
The Application Assessment and Auditing process involves the use of a number of integrated tools and engineering tasks to identify, de-couple, assess and understand an application in its most granular form. Upon completion of the entire audit process, the application and its related elements are in a position to be leveraged for go-forward engineering, re-engineering, re-writing, re-platforming or re-use.
LayerX offers several types of Application Assessment and Audit activities:
- Source Audit
- Data Audit
- Architecture Audit
- Performance Audit
- Security Audit
Source Audit (assessment)
The objective of the source audit is clean source code that follows all coding rules and carries the required documentation.
The process verifies the coding style, automatically aligns the source code to the required style, and generates a list of the places where documentation is missing. It also produces a report, by line number, describing potential errors such as null pointer dereferences and possible unhandled exceptions. All duplicate code in the project is found and listed, and unused or dead code is detected and reported during the same automated pass. We measure the cyclomatic complexity of each method; reducing complexity improves the performance of the application.
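As an added illustration of two of the automated source-audit checks described above (per-method cyclomatic complexity and missing documentation), here is a small Python analyser built on the standard `ast` module. It is example code written for this page, not LayerX's tooling; the sample module it scans is constructed, and the complexity limit of 10 is an assumed audit threshold.

```python
import ast

# Constructed sample module standing in for code under source audit (not from the page).
SAMPLE_SOURCE = '''
def lookup(user, items):
    """Return the items visible to the user."""
    result = []
    for item in items:
        if item.owner == user or item.public:
            result.append(item)
        elif item.shared and user in item.shared:
            result.append(item)
    return result

def undocumented(x):
    while x > 0:
        x -= 1
    return x
'''

# Constructs that add one decision point each (McCabe-style counting).
BRANCH_NODES = (ast.If, ast.For, ast.While, ast.IfExp,
                ast.ExceptHandler, ast.Assert, ast.comprehension)

def cyclomatic_complexity(func):
    """1 + decision points; an `elif` is a nested ast.If and is counted too."""
    # Nested function bodies are included in the enclosing function's score.
    complexity = 1
    for node in ast.walk(func):
        if isinstance(node, BRANCH_NODES):
            complexity += 1
        elif isinstance(node, ast.BoolOp):
            # `a or b or c` adds one point per operator, i.e. values - 1
            complexity += len(node.values) - 1
    return complexity

def audit_source(source, max_complexity=10):
    """Per-function findings: line, complexity, over-limit flag, docstring present."""
    # max_complexity=10 is an assumed audit threshold, not a value from the page.
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            score = cyclomatic_complexity(node)
            findings.append({"name": node.name, "line": node.lineno,
                             "complexity": score, "over_limit": score > max_complexity,
                             "documented": ast.get_docstring(node) is not None})
    return findings
```

Running `audit_source(SAMPLE_SOURCE)` reports `lookup` at complexity 6 with a docstring and `undocumented` at complexity 2 without one, which is the kind of per-method line-numbered finding the audit report lists.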
Data Audit (assessment)
The data audit verifies the schema / ER diagram against best practices. We also check for possible SQL injection points, and during the assessment we advise on the areas where stored procedures can be optimised.
Architecture Audit (assessment)
An architecture audit is necessary to understand the overall structure of the system and the intent behind that structure. It is one of the most important steps in the application assessment process. There were reasons why a particular architecture was chosen, although that reasoning may have been forgotten over the years. The architecture audit produces many findings, some mundane and some very insightful and valuable.
The following items are a few examples of what is verified during this process.
- Application Framework
- Application layers
- Generation of Class Diagrams and various other UML diagrams
- Generation of Application overview diagrams for executive level understanding
- Programming paradigms
- Design constraints
Performance Audit (assessment)
During the performance audit, our specialists help you spot the barriers that hinder the full performance of your application. When your application is assessed by experienced Java architects, the underlying cause of performance problems can be quickly identified and then addressed.
Below are sample components for the Performance Audit:
- Bottleneck identification
- I/O analysis
- Potential Query Optimisation
- OS and file system performance
- Code evaluation relative to coding best practices
- Communication bottlenecks
- Web server performance
- Database analysis
- Query analysis
Security Audit (assessment)
Our Application assessment process has established a set of standard benchmarks for evaluating application security issues.
During the testing process we will test the following:
- Script security analysis
- Cross-site request vulnerabilities
- Header injection
- Session security
- Web Server Configuration analysis
- Output analysis
- Shell execution security analysis
- Penetration testing
- Input filtering analysis
- SQL injection
- Dirty data analysis
- Cross-site scripting vulnerabilities