symfony
Lrest, 2015-01-26 01:40:16

How is a freshly finished site/code audited?

1) When you hire an audit, approximately how much does it cost and what does it include (in general terms, what is the verification mechanism)?
2) Are there agreements of this kind: for example, the price of an audit is $50 and for each error found there is a bonus of, for example, $10, etc.? In that situation, it seems to me, there will be a real audit and search for errors, and not someone who just sat for 2 minutes, looked at the code, and in a week says "everything is clear there!"


2 answer(s)
sakuradaj, 2015-01-26
@sakuradaj

2) It depends on what you mean by errors. After all, this is a very relative thing: they are in any code (even the most popular applications) and, if desired, you can pick out a lot of them, both small ones and vulnerabilities, but the question is, do you really need it that much?
This is called code review, and it is one of the means of improving the quality of the product, and it would be foolish to hope that it will help you get rid of at least half of the errors, which, in turn, may appear only while the application is in use.
Here it is desirable to have unit and functional tests for convenient support in the future.
Plus, carry out manual functional testing (but do not entrust it to the programmer who works on the project, and in general this goes for any programmer; they are bad testers).
I think that you are looking for some simple golden solution that will solve your problem, so that someone would tell you that everything is OK. But it is not that simple; that way you can get the illusion that you understand and control the situation. Look for an experienced person who knows the whole development process well and how it is done.

Антон Шаманов, 2015-01-26
@SilenceOfWinter

Most often, a site audit means a security check (the net is full of scanners for SQL injection and similar things) and the validity of the markup. "Error" is a very elastic concept; for example, slow code is also an error, but not a critical one. Then again, every bug found will have to be documented and described, and additional tests written, and on the receiving side there must be a person who understands the code; but why would they need an outside programmer if the firm's own coder has to keep an eye on him?
