-
Finding Backdoor
Recently I was reviewing one application's code (it was outsourced to some freelancer) and found the code was bypassing credential validation for "xyz" :mad:. Though the application was small and was not revealing any confidential data, I am just wondering if there is any guideline or systematic way to find these types of glitches, especially when the application is quite big.
-
Re: Finding Backdoor
Hiding Easter eggs and back doors in software has gone on since before Matthew Broderick played Global Thermonuclear War. Slipping one past management has been the motivation for some of the Excel Easter eggs over the years, as well as adding a personal signature to a program. If there is one point of login, then you might just examine that area, even in a large project, but that guarantees nothing.
-
Re: Finding Backdoor
That's the (great?) thing about backdoors... they can be anywhere. You should probably get a security "expert" to come in and perform the audit. Not only will they have more experience with this but they will also get the blame if they don't find everything :D
But if you're going to do it anyways, just use your judgment. It'd help if you could look at the source code and analyze it for defects or holes.
-
Re: Finding Backdoor
Hmm, calling experts for an application worth 1000$ won't be a good option :D. As of now I'm reviewing all application entry points and queries for SQL injection... hopefully that was the only glitch he had punched in.
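
Added example, not part of any post in this thread: a first-pass review aid for the two things the thread mentions, a login check that short-circuits on a hard-coded value and SQL built by string concatenation. The rule names, regexes and sample source are constructed for illustration; hits are only candidates for manual review, and a clean run proves nothing.

```python
import re

# Heuristic 1: an identity-like variable compared against a non-empty string literal.
IDENT = r"(?:user(?:_?name)?|login|uid|account|pass(?:word|wd)?|pwd)"
LITERAL = r"""(?:"[^"\n]+"|'[^'\n]+')"""
CMP = r"(?:===?|\.equals(?:IgnoreCase)?\s*\()"
HARDCODED_CMP = re.compile(
    rf"\b\w*{IDENT}\w*\s*{CMP}\s*{LITERAL}|{LITERAL}\s*{CMP}\s*\w*{IDENT}\w*",
    re.IGNORECASE,
)
# Heuristic 2: a string literal containing a SQL verb, concatenated with a variable.
KW = r"\b(?:select|insert|update|delete)\b"
SQL_CONCAT = re.compile(
    rf"""(?:"[^"\n]*{KW}[^"\n]*"|'[^'\n]*{KW}[^'\n]*')\s*(?:\+\s*[\w$(]|\.\s*\$)""",
    re.IGNORECASE,
)
RULES = [("hardcoded-credential-compare", HARDCODED_CMP),
         ("sql-string-concat", SQL_CONCAT)]

def review(source, filename="<memory>"):
    """Return (filename, line number, rule, code) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):  # skip whole-line comments
            continue
        for rule, rx in RULES:
            if rx.search(code):
                findings.append((filename, lineno, rule, code))
    return findings

# Constructed sample: one bypass, one concatenated query, one parameterised query.
SAMPLE = '''\
public boolean login(String username, String password) {
    if (username.equals("xyz")) return true;
    String q = "SELECT id FROM users WHERE name = '" + username + "'";
    String safe = "SELECT id FROM users WHERE name = ?";
    return check(q, password);
}
'''

if __name__ == "__main__":
    for name, lineno, rule, code in review(SAMPLE, "Login.java"):
        print(f"{name}:{lineno}: {rule}: {code}")
```
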