Skip to main content


What Is Malicious Code?

Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors and malicious active content.

Malicious code can take the form of:

  • Java Applets
  • ActiveX Controls
  • Scripting languages
  • Browser plug-ins
  • Pushed content

Once inside your environment, malicious code can enter network drives and propagate. Malicious code can also cause network and mail server overload by sending email messages; stealing data and passwords; deleting document files, email files or passwords; and even reformatting hard drives.

Secure Coding Handbook

Learn best practices from the pros at Veracode.

Get the Handbook

Malicious Code Threatens Enterprise Security

Malicious code can give a user remote access to a computer. This is known as an application backdoor. Backdoors may be created with malicious intent, to gain access to confidential company or customer information. But they can also be created by a programmer who wants quick access to an application for troubleshooting purposes. They can even be created inadvertently through programming errors. Regardless of their origin, all backdoors and malicious code can become a security threat if they are found and exploited by hackers or unauthorized users. As applications today tend to be built more and more often with reusable components from a variety of sources with varying levels of security, malicious code can pose a significant operational risk to the enterprise. That's why so many enterprises today are turning to Veracode to secure their applications.

How to Avoid Malicious Code

One way to avoid malicious code in your applications is to add static analysis (also called “white-box” testing) to your software development lifecycle to review your code for the presence of malicious code. Veracode’s static code analysis looks at applications in non-runtime environment. This method of security testing has distinct advantages in that it can evaluate both web and non-web applications and, through advanced modeling, can detect malicious code in the software’s inputs and outputs that cannot be seen through other testing methodologies.

Test for Malicious Code With Veracode

Veracode has the ability to detect applications for malicious code threats that include time bombs, hardcoded cryptographic constants and credentials, deliberate information and data leakage, rootkits and anti-debugging techniques. These targeted malicious code threats are hidden in software and mask their presence to evade detection by traditional security technologies. Veracode's detection capabilities provide comprehensive support to combat against backdoors and malicious code.

Veracode Detection Tool Tests for Backdoors, Malicious Code, Functionality, and More

In addition to backdoors and malicious code detection, Veracode finds flaws in software that may lead to vulnerabilities. A Veracode scan may turn up an instance of inadequate authentication, for example, that could possibly be a risk to enterprise security.

See More Veracode Security Solutions