Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (11): 977-986.


Research on security audit method of source code

  • Received: 2018-11-17  Online: 2018-11-15  Published: 2018-11-17

Research on code security audit methods

贺江敏,相里朋   

  1. The Fifth Electronics Research Institute of the Ministry of Industry and Information Technology
  • Corresponding author: 贺江敏
  • About the authors: 贺江敏, bachelor's degree, senior engineer; main research interest is information security. 相里朋, master's student, senior engineer; main research interest is blockchain technology.

Abstract: Security problems in software have always been a puzzle for the development of the software industry. To find the security vulnerabilities in software, various security testing methods have been invented; however, only source-code-level testing can uncover the deep security problems in software. This paper starts from common software testing methods and compares the differences between quality audits and security audits. It then studies code security audit methods from two aspects: manual code walkthrough and static analysis with code security tools. Finally, it gives an outlook on source code security audit.

Key words: Information security, Source code, Security audit, defect, static analysis, software security

Abstract (translated from the Chinese): Security problems in software have always been a difficult issue hampering the development of the software industry. To find the vulnerabilities and hidden security risks in software, people have invented various security testing methods, but only source-code-level testing can dig into the deep-seated security problems in software. Starting from commonly used software testing methods, this paper compares the differences between quality review and security review within code review, studies code security review methods from two aspects, manual walkthrough for code security and static analysis with code security tools, and finally looks ahead to the future development direction of code security review.

Keywords: information security, source code, security audit, defect, static analysis, software security