# How AuditX Assesses DApp Security

AuditX provides an auditing process designed for the security needs of DApps. The audit covers multiple layers of the DApp, so that both the front end and the back end are reviewed. Here’s how AuditX's audit process works for DApps:

* **Smart Contract Review**:
  * AuditX starts by reviewing the DApp’s smart contracts. This involves scanning the code for vulnerabilities, testing the contract logic, and checking compliance with blockchain standards.
  * The goal is to ensure that the smart contracts behave as intended and are free from security issues that could lead to unauthorized access or asset theft.
* **API Testing**:
  * APIs are often the bridge between a DApp’s front end and back end, making them critical for the app’s functionality. AuditX tests these APIs to identify and fix any unprotected endpoints or data exposure risks.
  * The audit team ensures that APIs only allow authorized requests and don’t expose sensitive information, making them resistant to manipulation or unauthorized access.
* **Front-End Security Checks**:
  * AuditX also focuses on the front end, which users interact with directly. This part of the audit includes checking for web-specific vulnerabilities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and clickjacking.
  * Front-end security checks ensure that the DApp’s user interface is safe and cannot be exploited by malicious actors to trick users or steal information.
