Application Vulnerability Exploitation Prevention
Security reviews, penetration testing, and obfuscation are requirements for the release of applications in today's world. None solves the problem alone, but together they raise application security to a new bar.
Without obfuscation, a hacker could reverse engineer a Java or .NET application with a freely available decompiler, then either read it looking for newer known vulnerabilities, or run a recent release of a code scanner tool against it that will point out the vulnerabilities to them. DashO and Dotfuscator can significantly hinder this process. DashO and Dotfuscator typically make decompilers generate gibberish or throw exceptions.
Also, you patch your code for security vulnerabilities, right? Hackers know this too, and to them a security patch is a roadmap for breaking into existing unpatched applications. Obfuscating your applications is key, and using an obfuscator that incrementally obfuscates patches is crucial to protecting your application throughout its lifetime.
Historically, web service companies have the advantage of being able to rely on server security in addition to obfuscation to protect the intellectual property and business process embedded within their software. However, in this age of Web 2.0, web service companies are commonly releasing components (i.e. APIs) for public use to provide programmatic access to their services.
This new exposure catches many web service companies by surprise, and as Joe Feiman of Gartner points out in a recent research report, such companies should take extra steps to be sure that publicly released code is protected from reverse engineering. Advanced obfuscation techniques in PreEmptive's Dotfuscator and DashO products can even protect compiled code while leaving the public interface intact. The code runs quickly and correctly; it just can't be reverse compiled.