19 - Audit Techniques
Audit Techniques involve a combination of different methods that are applied to the project codebase with accompanying specification and documentation.
Many are automated analyses performed with tools and some require manual assistance.
- Specification analysis (manual)
- Documentation analysis (manual)
- Testing (automated)
- Static analysis (automated)
- Fuzzing (automated)
- Symbolic checking (automated)
- Formal verification (automated)
- Manual analysis (manual)
One may also think of these as manual/semi-automated/fully-automated, where the distinction between semi-automated and fully-automated is the difference between a tool that requires a user to define properties versus a tool that requires (almost) no user configuration except to triage results.
Fully-automated tools tend to be straightforward to use, while semi-automated tools require some human assistance and are therefore more resource-expensive.
- Manual/Automated
- Specification
- Documentation
- Testing
- Static Analysis
- CombinationFuzzing
- Symbolic Checking
- Formal Verification
- Manual Analysis