Projects/OWASP Reverse Engineering and Code Modification Prevention Project/Roadmap

Jump to: navigation, search

This project acts as an umbrella with a few different subprojects / initiatives. Each initiative is outlined below:

Security Analyst / Business Community: These subprojects will highlight the technical and business risks that arise when hosting sensitive code in environments that are considered untrustworthy. Analysts will understand when it is appropriate to think about reverse engineering and unauthorized code modification use-case scenarios in their projects. There will be connections to the OWASP Mobile Top Ten.

Security Architect: These subprojects will highlight the specific types of integrity controls that a software architect must include within their solutions to match the security requirements specified by analysts that related to reverse engineering and unauthorized code modification prevention. An architect will be able to understand the correct properties of solutions that follow Industry "Best Practice" with respect to reverse engineering and integrity risk prevention.

Security Auditor: These subprojects will highlight the specific attack vectors that an adversary will execute in particular environments (iOS, Android, firmware, etc.) that an adversary will leverage in order to reverse engineer or modify code. An auditor will have a suite of new test-cases to try against their client's mobile application code to ensure that the right features of integrity / reverse-engineering are instilled in the application. Videos, technical discussion, and guidelines will exist here.

Software Engineers: These subprojects will produce guidelines for Software Engingeers that highlight coding techniques that encourage reverse engineering or integrity violation for code that is hosted in untrustworthy environments. A Security Champion within a Software Engineering team will understand what code-level implementation techniques will encourage an attacker to reverse-engineer or successfully modify their code.