6. Audit Techniques and Tools 101.md

  1. Audit
  2. Audit Scope
  3. Audit Goal
  4. Audit Non-goal
  5. Audit Target
  6. Audit Need
  7. Audit Types
  8. Audit Timeline
  9. Audit Effort
  10. Audit Costs
  11. Audit Prerequisites should include
  12. Audit Limitations
  13. Audit Reports
  14. Audit Findings Classification
  15. Audit Findings Likelihood-Difficulty
  16. Audit Findings Impact
  17. Audit Findings Severity
  18. Audit Checklist For Projects
  19. Audit Techniques
  20. Specification analysis
  21. Documentation analysis
  22. Testing
  23. Static analysis
  24. Fuzzing
  25. Symbolic Checking
  26. Formal Verification
  27. Manual analysis
  28. False Positives
  29. False Negatives
  30. Audit Firms (representative; not exhaustive)
  31. Smart contract security tools
  32. Categories of security tools
  33. Slither
  34. Slither features
  35. Slither Detectors
  36. Slither Printers
  37. Slither upgradeability checks
  38. Slither Code Similarity Detector
  39. Slither contract flattening tool
  40. Slither format tool
  41. Slither ERC conformance tool
  42. Slither property generation tool
  43. Slither new detectors
  44. Manticore
  45. Echidna
  46. Echidna Features
  47. Echidna Usage
  48. Eth-security-toolbox
  49. Ethersplay
  50. Pyevmasm
  51. Rattle
  52. Evm_cfg_builder
  53. Crytic-compile
  54. Solc-select
  55. Etheno
  56. MythX
  57. MythX process
  58. MythX tools
  59. MythX coverage
  60. MythX SaaS
  61. MythX privacy
  62. MythX running time
  63. MythX Software
  64. MythX pricing
  65. Scribble
  66. Fuzzing-as-a-Service
  67. Karl
  68. Theo
  69. Visual Auditor
  70. Surya
  71. SWC Registry
  72. Securify
  73. VerX
  74. SmartCheck
  75. K-Framework
  76. Certora
  77. DappHub’s Hevm
  78. Capture the Flag (CTF)
  79. Security Tools
  80. Audit Process
  81. Reading specification-documentation
  82. Running static analyzers
  83. Manual code review
  84. Running deeper automated tools
  85. Brainstorming with other auditors
  86. Discussion with project team
  87. Report writing
  88. Report delivery
  89. Evaluating fixes
  90. Manual review approaches
  91. Starting with access control
  92. Starting with asset flow
  93. Evaluating control flow
  94. Evaluating data flow
  95. Inferring constraints
  96. Understanding dependencies
  97. Evaluating assumptions
  98. Evaluating security checklists
  99. Presenting proof-of-concept exploits
  100. Estimating the likelihood and impact
  101. Summary