摘要
软件中的安全问题一直是困扰软件行业发展的一个难题,为了找出软件中存在的漏洞和安全隐患,人们发明了各种安全性测试方法,但只有源代码级的测试才能深入挖掘软件中的深层次安全问题.从常用的软件测试方法入手,对代码审查中质量审查和安全性审查的不同点进行了比较,并从代码安全性人工走查和代码安全性工具静态分析2个方面对代码安全性审查的方法进行了研究,最后对代码安全性审查未来发展的方向进行了展望.
The security problem in software has always been a puzzle for the development of software industry. In order to find out the security vulnerabilities in the software, various of security testing methods have been invented. However, only source code testing can dig deep into the security problems in software. This paper starts with the common software testing methods, compared the difference of quality audit and security audit,and then studies the method of code security audit from two aspects: artificial walkthrough and static analysis of code security tools. Finally, make a prospect of source code security audit.
作者
贺江敏
相里朋
He Jiangmin;Xiang Lipeng(The 5th Electronics Research Institute of Ministry of Industry and In f ornv~tion Technology)
出处
《信息安全研究》
2018年第11期977-986,共10页
Journal of Information Security Research
关键词
信息安全
源代码
安全审查
缺陷
静态分析
软件安全
information security
surce code
security audit
defect
static analysis
software security
