Software Auditing Services
Introduction

We offer a software auditing service whereby we will investigate and produce a written report on any Access, Visual Basic or SQL Server database. The areas covered differ according to our initial findings and to what we can physically investigate (for example, we can only audit source code if it is made available to us). A typical audit of a SQL database costs £1,000 + VAT and would cover issues such as:
Database design

We will look at the design, check that appropriate data types are being used, see if there is any duplicated data, look for recurring fields, check that suitable Primary Keys have been used, check the table relationships, check the use of indexes, check that the table and field names are meaningful (for example, not Integer3) and that they can be upsized without renaming, and generally check that the design has been normalised to the Third Normal Form (which, for those who have not heard the term before, is essentially a measure of how well the design fits the relational database model).
Data

An investigation of the actual data held. Is invalid data being stored? For example, are dates such as 06/209 being saved as the expiry date of a credit card? Are duplicate records being held? Is the same data being held in more than one field? Is calculated data being held? Are there orphaned records which cannot be tied up with the rest of the system? Are all required fields being filled in? For example, when an order is taken, have the name and address of the purchaser been completed? Is confidential data properly secured (for example, are credit card numbers encrypted)?
Source Code

Has a naming convention been applied? Is the code correctly indented? Has a disciplined approach been taken? Is the code commented? Have GOTO statements been used (other than in error trapping)? Has error trapping been applied throughout? Is the code easy to read and to understand? Has it been designed with future maintenance in mind? Is there any 'dead code' that is redundant or no longer used? What type of data access techniques have been used? Does the code include obsolete or deprecated functions or techniques? Does it have a logical and consistent design?
Queries

Has a naming convention been applied? Are there any redundant or unused queries? Are there multiple queries which are identical apart from the selection criteria (i.e. which could be replaced by a single, parameterised query)? Are the queries unnecessarily complicated? Are there queries which are nested more than two or three levels deep (i.e. a query which calls another query, which calls yet another query, which calls a further query, which....)? Has the data returned from queries been restricted, or has SELECT * been used automatically?
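The Data checks above (invalid dates, orphaned records, duplicates, missing required fields) and the parameterised-query point from the Queries section can all be expressed as queries that an auditor runs against the database. The following is an added illustration, not part of the original page and not Aldex's own audit tooling: it builds a small constructed orders database in memory with SQLite (standing in for the Access or SQL Server database being audited; the Customer and "Order" tables and their contents are hypothetical) and runs one check of each kind over it.

```python
import sqlite3
from datetime import datetime

# Constructed sample data (hypothetical, not any client's database): a small
# orders schema seeded with one example of each defect the audit looks for.
SCHEMA_AND_DATA = """
CREATE TABLE Customer (
    CustomerID INTEGER PRIMARY KEY,
    Name       TEXT,
    Address    TEXT
);
CREATE TABLE "Order" (
    OrderID    INTEGER PRIMARY KEY,
    CustomerID INTEGER,
    CardExpiry TEXT,
    Status     TEXT
);
INSERT INTO Customer VALUES (1, 'A Smith', '1 High St');
INSERT INTO Customer VALUES (2, 'B Jones', NULL);          -- required field missing
INSERT INTO "Order" VALUES (10, 1, '06/2009', 'Open');
INSERT INTO "Order" VALUES (11, 1, '06/209',  'Open');     -- malformed expiry date
INSERT INTO "Order" VALUES (12, 9, '12/2008', 'Closed');   -- orphan: no Customer 9
INSERT INTO "Order" VALUES (13, 2, '13/2009', 'Open');     -- month 13 does not exist
INSERT INTO "Order" VALUES (14, 1, '06/2009', 'Open');     -- duplicate of order 10
"""


def open_sample_db():
    """Create the constructed sample database in memory and return a connection."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_AND_DATA)
    return conn


def orphaned_orders(conn):
    """Orders whose CustomerID matches no Customer row (broken referential integrity)."""
    sql = """SELECT o.OrderID FROM "Order" o
             LEFT JOIN Customer c ON c.CustomerID = o.CustomerID
             WHERE c.CustomerID IS NULL ORDER BY o.OrderID"""
    return [row[0] for row in conn.execute(sql)]


def invalid_expiry_dates(conn):
    """Orders whose CardExpiry is not a real MM/YYYY value.

    A text column cannot enforce the format, so each value is parsed in code:
    strptime rejects both the truncated '06/209' and the impossible '13/2009'.
    """
    bad = []
    for order_id, expiry in conn.execute(
            'SELECT OrderID, CardExpiry FROM "Order" ORDER BY OrderID'):
        try:
            datetime.strptime(expiry, "%m/%Y")
        except (TypeError, ValueError):
            bad.append(order_id)
    return bad


def duplicate_orders(conn):
    """Groups of orders that are identical on their business fields."""
    sql = """SELECT CustomerID, CardExpiry, Status, COUNT(*) FROM "Order"
             GROUP BY CustomerID, CardExpiry, Status
             HAVING COUNT(*) > 1 ORDER BY CustomerID"""
    return conn.execute(sql).fetchall()


def customers_missing_required(conn):
    """Customers with a blank name or address (required fields not filled in)."""
    sql = """SELECT CustomerID FROM Customer
             WHERE Name IS NULL OR TRIM(Name) = ''
                OR Address IS NULL OR TRIM(Address) = ''
             ORDER BY CustomerID"""
    return [row[0] for row in conn.execute(sql)]


def orders_with_status(conn, status):
    """One parameterised query in place of a family of near-identical saved
    queries (OrdersOpen, OrdersClosed, ...) that differ only in their criteria.
    The placeholder also keeps the value out of the SQL text itself."""
    sql = 'SELECT OrderID FROM "Order" WHERE Status = ? ORDER BY OrderID'
    return [row[0] for row in conn.execute(sql, (status,))]


def run_audit(conn):
    """Collect every finding into one report dictionary."""
    return {
        "orphaned_orders": orphaned_orders(conn),
        "invalid_expiry_dates": invalid_expiry_dates(conn),
        "duplicate_orders": duplicate_orders(conn),
        "customers_missing_required": customers_missing_required(conn),
    }


if __name__ == "__main__":
    db = open_sample_db()
    for finding, rows in run_audit(db).items():
        print(f"{finding}: {rows}")
    print("open orders:", orders_with_status(db, "Open"))
```

Each function returns the offending keys rather than printing them, so the same checks can be re-run after a clean-up and compared against the original findings.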
User Interface

Is the User Interface laid out in a clear and logical manner? Is it easy to use? Are data fields labelled with meaningful names? Is the navigation process sensible and logical? Does the user have to constantly navigate up and down a hierarchy, or are there shortcuts? Is invalid data trapped when it is entered? Does the colour scheme help or hinder the user? Are forms consistent (for example, are 'close' buttons labelled the same and positioned in the same place on different forms)? Are error messages meaningful? If the application is for data entry, can it be used without a mouse? Have fonts (typeface and size) been used consistently?
General

What environment (operating systems, screen resolution, etc.) has the application been designed for? Has a version control process been implemented? Is table reattachment automated? Is there a history of the changes that have been applied to the system? What external dependencies are there (for example, does the application rely on any third-party ActiveX controls)? Is all of the source code available? Is the application capable of being modified or maintained by a third party? What security system has been implemented? Is it effective? Is there a backup procedure in the system? If so, does it work correctly? Is the system designed with support in mind (for example, does it include error logging)? Has an audit trail been implemented? Is the system easy to crash? Does it recover after an error? Does the application have a procedure to compact the data? How easy would it be to upsize the system? Are there any performance issues?
Copyright ©2007, Aldex Software Ltd.