, Volume 34, Issue 3, pp 149-155
Date: 24 Feb 2010

Static detection of application backdoors

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access

Abstract

Backdoors in legitimate software, whether maliciously inserted or carelessly introduced, are a risk that should be detected prior to the affected software or system being deployed. Automated static analysis of executable code can detect many classes of malicious behavior. This paper will cover the techniques that can be employed to detect special credentials, hidden commands, information leakage, rootkit behavior, anti-debugging, and time bombs.

Chris Wysopal CTO and Co-Founder of Veracode. He is vulnerability researcher and the author of „The Art of Software Security Testing“
Chris Eng Senior Director of Research at Veracode. He is responsible for integrating security expertise and prioritize the security feature set of Veracode’s service offerings.
Tyler Shields Senior Researcher for the Veracode Research Team whose responsibilities include understanding and ex-amining security and attack methods for integration into the Veracode products.