[Owasp-leaders] Code review for backdoors

Azzeddine Ramrami azzeddine.ramrami at owasp.org
Wed Mar 11 19:06:38 UTC 2015


All backdoors exploit the security flaws in the apps. A good code review can
detect security flaws in the code.
You can also use a reverse engineering technique or fuzz testing to detect
security bugs in the apps.
Azzeddine

On Wed, Mar 11, 2015 at 8:02 PM, Aaron Guzman <aaron.guzman at owasp.org>
wrote:

> Backdoors are typically at the hardware or embedded level where it's harder
> to locate. Usually ODMs and OEMs fall victim to this. Typically because
> they use “backdoors” for debugging and testing purposes during
> manufacturing. A solution is to test and analyze your code from third
> parties. Whether that's through IDA or other means.
> --
> Aaron G
> OWASP-LA Board Member
> Twitter: @scriptingxss
> Linkedin: http://lnkd.in/bds3MgN
>
> On Mar 11, 2015, at 11:27 AM, psiinon <psiinon at gmail.com> wrote:
>
> How about: "Don't put them in"??
>
> ;)
>
> On Wed, Mar 11, 2015 at 6:22 PM, Ali Khalfan <ali.khalfan at owasp.org>
> wrote:
>
>> The OWASP code review guidelines do a great job at looking for
>> vulnerabilities. However, they will not address intentional vulnerabilities
>> such as backdoors and logic bombs.
>>
>> I wanted to establish such a guideline, but I was wondering if there is
>> any reference I could fall back on?
>>
>> Ali
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader


-- 
Azzeddine RAMRAMI
+33 6 65 48 90 04.
Enterprise Security Architect
OWASP Leader (Morocco Chapter)
Mozilla Security Projects Mentor