| cover | coverY | layout | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
../../../../../../.gitbook/assets/VirticalBackgroundSkyPenguinLabs.png |
1160.7101662376365 |
|
Code auditing is a pretty popular skillset. Particularly - people that analyze and audit source code for security vulnerabilities are known as Security Analysts.
Source code level analysis is a lot more different than binary analysis and binary auditing as discussed in sections binary-auditing-6.4.0. This is mainly due to the completely different realms of code you are analyzing and the methods of approach you use. For example -
- Source Code Level Analysts - Are going to be looking at RAW source code, not instructions in an application. This is of course, considering the security analyst is NOT doing binary auditing (most of the times, they would just best hand you the source code instead of the binary)
- Source Code Level Analysts - Approach things a bit differently than other binary auditors. Binary auditing requires a series of reverse engineering methodologies and knowledge and a sprinkle of experience to know exactly how you are going to find a vulnerability.
There are also many different things that make up what a security analyst is going to be looking at. These factors will change the route the analyst uses.