Computer security has become a very important subject for companies and institutions, as well as individuals. A security audit is a necessary legal and economic legal requirement for the survival and existence of the company, as well as for its reputation and influence. A security policy, written and published, must be established in any organization making use of a large‐ or medium‐sized computer system. Security presents a very specific and specialized problem that can under no circumstances be resolved internally or by company personnel. An audit must focus on security and make the management, agents, and clients aware of the issue of security by identifying bad habits. There are several aspects that require auditing: network topology, system resistance, servers, connection equipment, network applications, SGBDs and databases, messaging systems, and specific applications. The intrusive test must be programmed carefully to avoid perturbing proper functioning.