Software Auditing

Old Software


Does the software you bought really do what you think it does? Is the code vulnerable to common attacks? Do you need to upgrade, but don’t know how big a task it is? We can audit your software, and help you to know exactly where you stand.

One of the most common problems we encounter when taking on existing software projects is that our customers don’t actually know the condition of their current software. It might look shiny on top, but a pretty interface could be hiding serious bugs that could damage your business.

We specialise in understanding old software and producing documentation so that you too can understand the true state of your project. If you don’t know what you’re holding on to, it can be impossible to plan for the future. Poorly written code could impact your business in a myriad of ways from slow performance, to confused and frustrated customers, to vulnerabilities which can expose you and your customers to significant risks and liability.

Ensuring Security

We can audit the security of your systems, spot vulnerabilities, and give you recommendations to improve the safety and reliability of your software. Whether you’re working with Protected Health Information, need certainty that your billing systems are functioning correctly, or just want to make sure that your data is as safe as it can be, we’ll identify threats and weaknesses, and give you practical advice on how to avoid both automated and targeted attacks.

We don’t just run the standard checks and give you a report of what might be vulnerable. We will take the time to understand the risks as they apply to your software, instead of just reporting potential vulnerabilities that aren’t actually a risk to your systems. You’ll get actionable insights instead of expensive, automated reports.

Read more about our process for security audits.

Identifying The Path Forward

Are you not sure if your old software can be upgraded or if it’s time to start from scratch? While we’ve encountered many software agencies that seem to believe that their code is the only worthy code, we believe that software which is working now is more valuable than future software that doesn’t yet exist.

We will review your code and identify the possible paths forward, from upgrading in place, to a phased replacement, to completely new builds. Each of these has its benefits and drawbacks, so we aim to help you understand the real-world implications of each approach. Sometimes replacing a dysfunctional system is the fastest way forward, but we don’t assume that it’s always the best option.

A Second Opinion

Sometimes all you need is an external expert to review your software and help you to verify that your product actually does what it says on the lid. This can help you to have a better understanding of the software that runs your business, and help you to have more productive discussions with your development team.

We bring many years of experience across several sectors, so we may be able to shed light on problems or alternative solutions that your team hasn’t yet seen. This could be finding security holes, finding ways to add more certainty to your development process, or helping you to reduce your maintenance burden.

A software audit is not an obligation to hire us for ongoing support or maintenance – it’s simply a process to get an independent opinion. We are also happy to review software during mergers and acquisitions to ensure that you know exactly what you’re purchasing.

What To Expect

Depending on the size of your software project and the goals of the audit, we will typically spend anywhere from two days to a week reviewing your software and writing an easy-to-understand report. This report won’t just contain a list of problems that we find, but an overview of your software and the processes in place to maintain it. We’ll give you better insight and understanding of how your software is built, where it’s strong, and where the weaknesses might lie. It can help you to plan for the future, or guide your upgrade path.

When delivering the report, we also like to spend some time with you to discuss what everything means, and make sure that you’re not overwhelmed by jargon. We’ll rank potential actions based on impact and difficulty, so that you can chart a path forward.

What Comes Next?

Once we’ve provided an initial audit, we can also provide periodic reviews to assess your remediations, look for other potential problems, and help to keep your progress on track. These could come in the form of a shorter progress audit which just reviews the previously discovered issues, or another complete audit which will review the entire system within its current context at the time of the audit.

If you’re engaging us to take over development on your software, then we will work with you to develop a plan to prioritise and remediate any issues found.

Our Experience

We’ve been building software for over 20 years, working with a variety of companies spanning a large range of industries. From rescuing hacked websites to securing Protected Health Information for millions of customers, we’ve worked on systems of all scales. We know how to balance the realities of running a business with achieving better outcomes.

Our primary focus is systems built with PHP and Laravel, but we’re also happy to audit systems built with other technologies such as Symfony, CakePHP, CodeIgniter, or PHP systems with no framework. We can also audit systems built in other programming languages; however, our knowledge of the accepted “best practices” for other ecosystems is limited, and we may not be able to give the same level of insights outside of assessing code quality and more obvious flaws.