[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: source code "forensic" practices

* Yaroslav Halchenko:

> The question is: are there any helper tools for doing source code
> validation subject to possibly available snippets of code which might be
> for illegal activity (ie sending out private information, or serve as
> backdoors, etc)?

There are several commercial bug finding tools and services.  I don't
know how good they are at detecting logic bombs and similar things.

> May be some language specific tools (JS, Java, python)
> which could catch snippets intended for data transmission/receival? 

Java is doable at least, but due to their dynamic nature, JavaScript
and Python are in a completely different league.  JavaScript is
extremely obnoxious because you can easily download scripts from the
Net, triggered from self-modifying code.  In fact, this is a common
practice in the online advertising world.

Reply to: