Visualising Source Code for Auditing [Video]

Auditing large amounts of source code can be a challenging task. With ever-growing software, hardly anyone has the time (aka money) and patience to read each and every single line of code there is. Thus, a crucial point is to get an overview of the code, to identify potentially interesting areas of code, understand how different parts of the code interrelate, sometimes even to reverse engineer the architecture implicitly contained in source code, for the documentation on the particular code is often either outdated or nonexistent. This pinpointing of interesting areas within the code is especially important and useful when professionally auditing for security-relevant bugs in given code.

The purpose of this talk is to show how information visualization techniques as well as techniques from compiler design can be used to help an auditor to quicklier and better understand large amounts of source code and thereby become a more efficient auditor. I will also show the latest development of Charles, a tool I develop to implement and assess the various source visualization ideas.