Preparing for an Audit

Last updated 9 days ago

So, you're ready for an audit. Congratulations!

If you've made it to this step, you've put a lot of hard work and time into developing your application and are ready to lock it down and show it to the world. The only thing that stands in your way is obtaining a security audit for your project.

What is a Security Audit?

A security audit is an expert, third-party review of your project, intended to find as many bugs as possible that could compromise your application, subvert or stall execution of its logic, and subject high-value assets in your application to unintended behaviors such as theft, destruction, or inaccessibility.

A security auditor's job is to use all of the tools in their toolbox to attempt to discover vulnerabilities like those mentioned above in a reasonable time frame, in preparation for a public release that will subject your application to the harsh realities of the real world. If your auditor cannot discover any vulnerabilities in that time period, it simply means you have a reasonable degree of certainty that your application is secure enough to survive against that degree of expertise for as long as they were given to perform the audit.

The successful conclusion of an audit is NOT the last step in the process of ensuring security in your application. In fact, there is no last step, because security is a continuous process, and you should be constantly judging whether new knowledge or conditions change the determination that your application is safe enough for your customers to use. Rest assured that if you don't do this, then others will do it for you. In fact, public consensus networks like Ethereum make it extremely easy and profitable for others to find and exploit vulnerabilities in your code for their own personal gain.

How do I get one?

To do their job effectively, an auditor needs to quickly understand exactly what your project is trying to achieve and the level of rigor you are looking to qualify it to. The auditor needs several things in order to achieve that understanding. After reading this section, you will build and submit an audit prep report to the auditor, which contains a summary of all the things the auditor will need to begin their work and perform it successfully.


Copyright and related rights waived via CC0