Our Spicy Blog
World News
Gadget News
Infotech News
Entertainment News
UK News
News Archives
Culture News
ERP News
Science News
Asia News
Business News
Tech News
Webmaster News
Asia News
Hardware News
Security News
Legal News
South Asia
Africa News
Animal News
no load mutual funds
domain names
Onlypunjab Forums
Law Forums
|
|
We Have Recently Made Changes to Our Website, If you are unable to find something Specific, Please Search Below
Veracode Shines Spotlight on Software Backdoors as an Emerging Threat
Publish Date : 12/17/2007 5:19:00 AM Source : Software and ERP News Onlypunjab.com
Veracode Inc., the leading provider of on-demand application security testing solutions, today announced comprehensive support for detecting backdoors and malicious code as part of Veracode's SecurityReview® solution for developers and purchasers of software. Based on research conducted by the Veracode security team, Veracode has added new scanning capabilities as well as deeper support for detection of backdoors and malicious code using Veracode's patented static binary analysis technology.
As the complexity of modern software applications increases, with components assembled from reusable binary components, backdoors can easily circumvent even the best of QA cycles, resulting in the need for a more complete and accurate approach to software security testing. Veracode's binary software testing, which provides 100% coverage as opposed to the partial coverage of today's source code-only analysis solutions, is uniquely positioned to tackle the backdoors and malicious code challenge by offering a complete, independent security verification of an entire software application.
To combat the risks backdoors pose to organizations, Veracode conducted extensive research and developed the first comprehensive taxonomy of backdoors so that organizations and application developers can better understand how to detect these hidden threats. In the course of the research, Veracode found that the average time to discovery of a backdoor inserted in open source software was measured in weeks. Backdoors in commercial "closed source" applications went undetected for years, putting company and individuals' personal data at risk.
In order to better protect Veracode customers from these often undetected threats, Veracode has augmented its SecurityReview application testing solution to provide better detection of backdoors and malicious code, including: special credential backdoors, hidden functionality backdoors, rootkits, as well as unintended developer-introduced features that pose security risks. (See definitions below.)
"Backdoors and malicious code pose significant operational risk to enterprises and software that are just too significant to ignore," said Matt Moynahan, chief executive officer of Veracode. "Given the complexity of modern application development, the common practice of outsourcing and increasing use of third party libraries, it is nearly impossible for an enterprise to identify the pedigree and security level of the software running their business-critical applications and handling their customer's personally identifiable information. As a result, we expect backdoors and malicious code insertion to become an increasingly prevalent attack vector against the enterprise. Because the binary (compiled code) represents the actual attack surface for the hacker, testing the application binaries is the most accurate and complete way to conduct final, independent security validation and verification."
The Depository Trust & Clearing Corporation (DTTC), which provides custody and asset servicing for 2.8 million securities issues from the United States and 107 other countries and territories, valued at $36 trillion, understands that backdoors and malicious code pose unique threats to the enterprise. "Veracode offers a unique method for testing software that provides software providers with effective security controls to assess and manage the risk of malicious code," said James Routh, CISO of Depository Trust & Clearinghouse Corporation.
For more information on Veracode's software backdoor capabilities, please visit us at www.veracode.com or call us at 781-425-6040.
Multimedia
- Download the podcast to hear more from Veracode on backdoors
- Download a technical white paper to read about the taxonomy of backdoors
- Download a white paper that examines the risks associated with backdoors
Definitions
- Special Credential Backdoors - These occur when an attacker inserts logic and special credentials into the program code. The special credentials are in the form of a username, password, password hash, or key which is usually hardcoded. Special credentials are also inserted by developers for the purpose of customer support or for debugging. These pose a similar risk since once they are discovered attackers can use them as a backdoor.
- Hidden Functionality Backdoors - These allow the attacker to issue commands or authenticate without performing the designed authentication procedure. Hidden functionality backdoors often use special parameters to trigger logic within the program that is not intended. In web applications these are often invisible parameters for web requests (not to be confused with hidden fields). Other hidden functionality includes undocumented commands, hardcoded IP addresses and/or leftover debug code.
- Rootkits - Rootkit behavior in an application can be a warning that a backdoor or other malicious code may be present. Typically rootkits subvert functions of the operating system and are used to hide the backdoor. This helps attackers subsequently access the system and avoid detection.
- Unintended Network Activity - Unintended network activity is a common characteristic of backdoors. This may involve a number of techniques, including listening on undocumented ports, making outbound connections to establish a command and control channel, or leaking sensitive information over the network via SMTP, HTTP, UDP, ICMP, or other protocols. Occasionally this will be an intended feature of the software for use as a support mechanism but it can carry security and privacy risks and should be detected.
About Veracode
Veracode is the leading provider of on-demand application security testing solutions. Created by a world-class team of application security experts, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview uses patented binary code analysis and dynamic web analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.
As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode's SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.
Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. www.veracode.com
|
Chinese software managers to be trained in India
Publish Date : 1/28/2005 12:32:00 PM
Some 1,000 software managers from south China's Shenzhen city are to undergo training in India to improve their communication skills and etiquette, reports Xinhua.
Kalam launches new software for blind
Publish Date : 1/27/2005 12:23:00 PM
President A.P.J. Abdul Kalam Wednesday launched "Virtual Vision", a software for the blind, here on the occasion of India's 56th Republic Day.
InfoVista Reports Solid Second Quarter, Ahead of Top Line and Bottom Line Guidance
Publish Date : 1/26/2005 12:53:00 PM
InfoVista (Euronext Paris: FR0004031649, NASDAQ: IVTA), the leading service-centric performance management software company today announced record financial results ....
SEGA Sells Visual Concepts Entertainment to Take-Two Interactive
Publish Date : 1/25/2005 10:25:00 AM
SEGA(R) of America today confirmed that SEGA Corporation has agreed to transfer all common stock and related assets of Visual Concepts Entertainment (Visual Concepts)....
Transmeta Corporation Outlines Strategic Restructuring Plan
Publish Date : 1/24/2005 2:38:00 PM
Transmeta Corporation (NASDAQ:TMTA), the leader in efficient computing, today provided an update on its plans to modify its current business model to focus on licensing ....
Digital River Announces Filing of Shelf Registration Statements
Publish Date : 1/15/2005 10:38:00 AM
Digital River, Inc. (Nasdaq:DRIV) today announced that it has filed a universal shelf Registration Statement on Form S-3 and an acquisition shelf Registration Statement ....
Siebel Systems Completes Acquisition of edocs
Publish Date : 1/15/2005 10:34:00 AM
Siebel Systems, Inc. (NASDAQ:SEBL), a leading provider of business applications software, today announced that it has closed its acquisition of edocs, Inc., a leading provider ...
DataMirror Adds Experienced Management to North American Sales Team
Publish Date : 1/14/2005 2:19:00 PM
DataMirror(R) (TSX:DMC)(NASDAQ:DMCX) today announced that Mr. Paul Gilbert has been named Vice President of Sales for the United States and Canada.
Bocada Achieves Record Results in 2004
Publish Date : 1/14/2005 11:23:00 AM
Bocada, Inc., the leading provider of data protection performance management software, today announced record results for its fiscal year ended December 31, 2004.
eBay to Acquire Kurant Assets
Publish Date : 1/14/2005 10:56:00 AM
Kurant, a leading provider of e-business software for small and medium-sized businesses (www.kurant.com), and eBay, the World's Online Marketplace...
Total Results : 42
More News (Opens in New Window) : [1] 2 3 4 5 Next Page
|
|