Service Introduction

Source Code Security AuditIt is a security inspection service that conducts a deep "physical examination" of the underlying code of software through a combination of static analysis technology and manual review. During the software development life cycle, many security risks lurk deep within the code logic, which is commonFunctional testingIt's hard to discover. Through auditing, enterprises can identify high-risk risks such as SQL injection, cross-site scripting (XSS), and logical vulnerabilities from the source. This not only significantly reduces the cost of later repair but also serves as a key defense line for building trusted software and ensuring the security of core data.

As a professional third-party evaluation institution, we strictly follow the national standard GB/T 25000.51-2016 "System and Software Engineering - System and Software Quality Requirements and Evaluation" and the industry security coding specification (GB/T 34944 (C/C++/Java Security Coding), OWASP Top 10, CWE provides services. It integrates automated tool scanning with code review by senior security experts to comprehensively verify the confidentiality, integrity and availability of the code, covering key links such as input verification, identity authentication and session management. On the basis of ensuring the correctness of the functions, focus on investigating security vulnerabilities and backdoors, and ultimately form a detailed oneSource Code Security Audit<Software Test ReportProvide targeted repair suggestions.

Source code security auditing is widely applied in scenarios such as pre-launch security acceptance of software systems in key industries like finance, government affairs, and healthcare, compliance rectification for the assessment of information security standards, and code delivery auditing by developers. We help clients accurately identify code-level security risks, meet industry regulatory compliance requirements, effectively avoid data leakage risks, and lay a solid security foundation for the stable operation of the system.

Test range

Test basis and cycle

Test basis

In accordance with GB/T 25000.51-2016 "Systems and Software Engineering - Systems and Software Quality Requirements and Evaluation (SQuaRE) - Part 51: Quality requirements and test details for ready-to-use software products (RUSP)", requirements specification, contracts, design documents, etc.

Test cycle

It takes 5 to 15 working days. Special requests can be expedited.

Testing process

  1. 01

    Demand communication

    Confirm the system scope, acceptance objectives and report purposes.

  2. 02

    Data review

    Sort out contracts, requirements, configuration items and deployment materials.

  3. 03

    Formulate a plan

    Form an assessment plan, use cases and execution arrangements.

  4. 04

    Carry out the test

    Conduct a tripartite evaluation and verification of the configuration items in accordance with the standards.

  5. 05

    Deliver the report

    Issue test reports and support acceptance and archiving.

Output results

Testing Report

Software Test Report

CNAS CMA
Purpose of the report Acceptance, auditing, bidding and tendering
Report content Test conclusions, basis, and records
Service recipients Government agencies, universities, enterprises and public institutions
Delivery method Electronic scanned copy, paper version
Cover example of CMA/CNAS software test report

Authority

Form a reviewable third-party testing conclusion based on the CNAS national accredited laboratory qualification, testing basis and execution records.

Traceable

Retain records of test cases, software defects, retests and inspection results, and adapt to the archiving of information-based acceptance materials.

It can be placed on the ground

The software test report expression is oriented towards review, expert acceptance and project management units, reducing the cost of secondary interpretation.

Service advantages

CMA/CNAS national recognized testing capabilities

Establish standardized processes around software evaluation, informatization acceptance, and the delivery of third-party software test reports. The reports should be clearly expressed, facilitating review and archiving.

1000+ Cumulative issuance of reports
30+ Covering industry fields
99% Report acceptance pass rate
10"Year +" Experience in testing services

CMA/CNAS qualification

The report is stamped with the CMA metrological certification and CNAS accreditation marks, which have legal effect and directly meet the requirements for project acceptance and auditing.

Independent third party

The testing institution has no interest connection with the developer or the client. The testing process operates independently and the conclusions are true and reliable.

Fair and objective

Strictly in accordance with national standards and contractual agreements, the test conclusions are not subject to interference by the client and can stand up to review and re-examination.

Serve the whole country

Support remote and on-site detection of software projects across the country, standardize service processes, and ensure consistent report quality.

Relevant successful cases

Functional and code audit acceptance test for the development (flight test stage) of the integrated underwater acoustic communication and release equipment of Harbin Engineering University (College of Underwater Acoustic Engineering)

Functional and code audit acceptance test for the development (flight test stage) of the integrated underwater acoustic communication and release equipment of Harbin Engineering University (College of Underwater Acoustic Engineering)

The development of the integrated underwater acoustic communication and release equipment (flight test stage) was tested in two aspects: functionality and code auditing. Through strict execution of tests, including initial tests and regression tests, a software test report was issued.

Code Audit Project of Underwater Communication and Direction-finding System of Harbin Engineering University

Code Audit Project of Underwater Communication and Direction-finding System of Harbin Engineering University

This system is provided by Harbin Engineering University and mainly includes dynamic libraries of underwater positioning algorithms, dynamic libraries of underwater communication algorithms and other algorithms. Functional tests and source code tests are conducted on them. (Development languages: C, C++, development platforms: windows 7, windows 10) Conduct tests in accordance with the test outline: underwater positioning algorithm test outline, underwater communication algorithm test outline.

Acceptance test for the code audit project of image processing software for night vision auxiliary perception devices

Acceptance test for the code audit project of image processing software for night vision auxiliary perception devices

The code audit project acceptance test of the image processing software XJ_YSFZ001-VER1.1-2022-11-14 for night vision auxiliary perception devices was conducted. Acceptance tests were carried out on its functionality and information system code security aspects. Through strict execution tests, including initial tests and regression tests, a software acceptance test report was issued.

Solution entry

Software Test Report for the Final Acceptance of Scientific and Technological Research projects

The conclusion and acceptance of scientific and technological research projects require software testing reports. The conclusion and acceptance report should formulate testing plans and strategies in accordance with the requirements of project conclusion and acceptance. Only in this way can the conclusion and acceptance of scientific research projects be meaningful. The content of the software testing report covers the main technical indicators such as functions, performance, and security. A high-quality testing report can not only help the project to be concluded smoothly It can also lay a foundation for the subsequent transformation of achievements.

Software Project Acceptance Test Report - CNAS Software Inspection

The acceptance testing of software research projects covers multi-dimensional assessment requirements such as functionality, performance, and security. The acceptance process of software research projects follows the GB/T 25000.51-2016 standard. The cover of the software test report is stamped with the CNAS logo, and the test report is guaranteed by national authoritative qualifications, which helps the project to be accepted smoothly and improves the quality of the software.

Software acceptance testing for Internet of Things (iot) intelligent devices

By providing software acceptance testing solutions for Internet of Things (iot) smart devices, the software quality and network security of iot products are guaranteed. The key elements of software acceptance testing: functional testing, performance testing, security and privacy testing, compatibility testing, and user experience testing. These elements jointly ensure the overall quality of Internet of Things products.