[Owasp-leaders] Code review for backdoors

Aaron Guzman aaron.guzman at owasp.org
Wed Mar 11 19:02:34 UTC 2015


Backdoors are typically at the hardware or embedded level where its harder to locate. Usually ODMs and OEMs fall victim to this. Typically because they use “backdoors” for debugging and testing purposes during manufacturing. A solution is to test and analyze your code from third parties. Whether thats though IDA or other means.
--
Aaron G
OWASP-LA Board Member
Twitter: @scriptingxss
Linkedin: http://lnkd.in/bds3MgN <http://lnkd.in/bds3MgN>
> On Mar 11, 2015, at 11:27 AM, psiinon <psiinon at gmail.com> wrote:
> 
> How about: "Dont put them in" ??
> 
> ;)
> 
> On Wed, Mar 11, 2015 at 6:22 PM, Ali Khalfan <ali.khalfan at owasp.org <mailto:ali.khalfan at owasp.org>> wrote:
> The owasp code review guidelines do a great job at looking for vulnerabilities. However, the will not address intentional vulnerabilities such as backdoors and logic bombs. 
> 
> I wanted to establish such a guideline, but I was wondering if there is any reference I could fall back on ?
> 
> Ali
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-leaders <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
> 
> 
> 
> 
> -- 
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150311/e044bb8e/attachment.html>


More information about the OWASP-Leaders mailing list