May 31st, 2003, 11:48 PM
scanning code for possible security vulnerabilities
What methods do people out there use to find security vulnerabilities within a piece of software? It seems the most favoured method is to study compiled binaries in memory at runtime or even just play with inputs and outputs until something breaks. Of course if you don't have access to the source code for the software then you are limited, but I think (from the perspective of testing my own and other people's apps) that the only time-effective and absolute way of finding exploits is to study an application's code at design time. I usually just breeze through with code security tools to do this (RatScan), but would be interested if anyone has developed any of their own techniques for hand-spotting potential vulnerabilities, especially in C++.