Comprehensive detection of backdoors and malicious code

Veracode : 06 March, 2009  (New Product)
SecurityReview from Veracode provides improved capability for the detection of backdoors and malicious code, thus preventing attacks before they happen.
Veracode has expanded its coverage for detecting backdoors and malicious code embedded in legitimate software as part of Veracode's SecurityReview solution for developers and purchasers of software. This announcement builds upon Veracode's industry-leading technology and research which introduced the industry's first comprehensive taxonomy of backdoors in 2007.

Veracode has added the ability to detect growing threats commonly known as Time Bombs, Hardcoded Cryptographic Constants and Credentials, Deliberate Information and Data Leakage, Rootkits and Anti-Debugging techniques in applications. These targeted threats are hidden in software and mask their presence to evade detection by traditional security technologies. Coupled with Veracode's existing detection capabilities, this forms the most complete support for backdoor and malicious code detection available in the market.

"Application backdoors and malicious code are risks for any large enterprise," said Mark McGovern, at In-Q-Tel, the independent strategic investment firm that identifies innovative technology solutions to support the mission of the broader U.S. Intelligence Community and an investor in Veracode. "Automated tools that can look deeply into complex systems and assist managers in understanding hidden vulnerabilities such as backdoors are of significant interest. Manual processes don't scale to meet industry needs."

The Defense Science Board Task Force has warned of this significant threat in its report "Mission Impact of Foreign Influence on DoD Software." The report states that "High-end attackers will not be content to exploit opportunistic vulnerabilities, which might be fixed and therefore unavailable at a critical juncture. They may seek to implant a vulnerability for later exploitation." Additionally, the SANS Institute recently issued "Application Security Procurement Language" which requires organizations to certify that their software does not contain malicious code, backdoors and time bombs. The State of New York and the Depository Trust and Clearing Corporation (DTCC) have adopted this language as a prerequisite for vendors to do business with them.

"As organisations increasingly use third party service providers to design, build and manage their software applications, application security becomes ever more critical," said Stan Lepeak, Managing Director of Global Research for EquaTerra. "Veracode's application security testing services can help fill a hole that exists in too many enterprises' testing and acceptance programs for third party developed code."

"Modern software development is complex and comprised of outsourced code, open source and third party libraries, which makes the insertion of backdoors and malicious code difficult to detect by traditional source code analysis and thus, an attractive attack vector," said Matt Moynahan, CEO of Veracode. "Unfortunately due to economic conditions and corporate downsizing, backdoors are becoming an increasing threat not only from external attackers, but from privileged insiders. Veracode inspects the application binary, which is the only way to cover 100% of the application code. Verifying the binaries as part of the SDLC or purchase process is the easiest and most effective way to manage risk from backdoor and malicious code vulnerabilities."
   © 2012 ProSecurityZone.com