Research


Successful Application Security Testing for Agile Development

It is imperative to include security testing in application development. Yet with Agile’s fast pace and lean concepts, it is easy to see how many organizations would simply consider testing for application security defects to be too costly in terms of both time and resources. The reasons behind these beliefs are concerns over the cost of the tooling versus the benefit, the cost of deploying the tools and training on them, the inability of these tools to fit into Agile development processes, and the objections of developers who must become proficient in the use of the tools. This paper addresses these concerns and describes methods that utilize Veracode’s Security Review and methodologies for security testing that succeed in the Agile world.

 
Blackberry Spyware Demo
 
The Challenges of Developing Secure Mobile Applications
 
Anti-Debugging – A Developers View

Anti-debugging is the implementation of one or more techniques within computer code that hinder attempts at reverse engineering or debugging a target binary. Within this paper we will present a number of the known methods of anti-debugging in a fashion that is easy to implement for a developer of moderate expertise. We will include source code, whenever possible, with a line-by-line explanation of how the anti-debugging technique operates. The goal of the paper is to educate development teams on anti-debugging methods and to ease the burden of implementation.

 
Anti-Debugging – A Developers View - Source Code Examples

Source code and real-world examples to illustrate the points made in the whitepaper: Anti-Debugging – A Developers View.

 
Protecting Your Organization from Application Backdoors

Backdoors and malicious code pose an operational risk to software that is too significant for organizations to ignore. This whitepaper discusses how binary (compiled code) analysis is the ideal platform for detecting backdoors and conducting the most complete independent security test, validation and verification of applications.

 
Understanding Application Backdoors
 
A New Taxonomy for Application Backdoors

This technical whitepaper describes a new way to classify backdoor vulnerabilities in applications and discusses static detection of backdoors.