Re: source code "forensic" practices
* Yaroslav Halchenko:
> The question is: are there any helper tools for doing source code
> validation subject to possibly available snippets of code which might be
> for illegal activity (i.e. sending out private information, or serve as
> backdoors, etc)?
There are several commercial bug finding tools and services. I don't
know how good they are at detecting logic bombs and similar things.
> Maybe some language specific tools (JS, Java, python)
> which could catch snippets intended for data transmission/receival?
Java is doable at least, but due to their dynamic nature, JavaScript
and Python are in a completely different league. JavaScript is
extremely obnoxious because you can easily download scripts from the
Net, triggered from self-modifying code. In fact, this is a common
practice in the online advertising world.
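Added example, not part of the original thread: a minimal static scan for Python source, using the standard `ast` module, that flags imports of network-capable modules and calls that load or run code at run time. The module list, the `scan_source` name and the sample input are assumptions made for illustration; the sample shows the limit raised in the reply, since the scan sees the `__import__` call but cannot tell which module it loads.

```python
import ast

# Constructed lists for illustration; a real audit would use a broader set.
NETWORK_MODULES = {"socket", "ssl", "http", "urllib", "ftplib", "smtplib", "requests"}
DYNAMIC_CALLS = {"eval", "exec", "compile", "__import__"}

def scan_source(source, filename="<sample>"):
    """Return sorted (line, kind, detail) findings for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            # Match on the top-level package, so urllib.request counts as urllib.
            if name.split(".")[0] in NETWORK_MODULES:
                findings.append((node.lineno, "network-import", name))
        if isinstance(node, ast.Call):
            func = node.func
            # Bare calls such as eval(...) and attribute calls such as
            # importlib.import_module(...) hide what is loaded until run time.
            if isinstance(func, ast.Name) and func.id in DYNAMIC_CALLS:
                findings.append((node.lineno, "dynamic-code", func.id))
            elif isinstance(func, ast.Attribute) and func.attr == "import_module":
                findings.append((node.lineno, "dynamic-code", "import_module"))
    return sorted(findings)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import os
import urllib.request
from smtplib import SMTP
name = "".join(["so", "cket"])
mod = __import__(name)
exec(os.environ.get("PAYLOAD", ""))
'''

if __name__ == "__main__":
    for line, kind, detail in scan_source(SAMPLE):
        print(f"{line}: {kind}: {detail}")
```

Findings of kind `dynamic-code` mark places where static review stops and manual or run-time inspection has to take over.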