Sunday, April 10 • 3:30pm - 4:10pm
PCT - Practical Code Triage


Source code auditing is a common bug finding method for both offensive and defensive security practitioners. In the security consulting game, coming up to speed quickly on a large, unfamiliar code base is paramount to successful source audits. Tracking source code coverage - which source files and functions have been audited, which still need attention, and which should be avoided - is a useful way to manage source audits. This can scale out to assist teams of people in collaboration.

This talk presents a number of source auditing methods and tools. Standard techniques such as bug-clairvoyance, plaintext note taking, `grep strcpy`, and pen-to-paper will be covered. Additional tips and techniques Todd has learned along life’s journey will also be shared. He will cover more formal methods involving C language parsers, relational and graph databases, and other tools of his own divination. Finally, the talk shall present a suite of tools and techniques to apply deeper analysis to function execution, data handling, attack surface identification, and security boundary mapping.

Speakers

Todd Manning

Optiv
Todd Manning lives in Austin, Texas. He is currently working in the Applied Research team at Optiv, where he performs source auditing, reverse engineering, and other security auditing for a diverse set of customers. Todd’s indy research tends toward embedded systems and the mobile...


Sunday April 10, 2016 3:30pm - 4:10pm CDT
Ballroom A
