Difference between revisions of "Contractors"

From OWASP
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Description ==
+
<br>
Contractor is one that provides goods or service to costumers. The contractor can be a group or individual that has a contracts with another individual or organization to make a project or something especific.
+
[[Category:OWASP ASDR Project]]
The contract agreement between the customer and the contractor can include everything from the responsability for the methods, means, execution and/or supervision to the supplying of all material, labor, equipment and/or services necessary and it's include the budget, the general and special conditions and the plans and specification of the project, service or supplies.
+
  
  
 +
== Description ==
 +
A contractor is one who provides goods or service to customers. The contractor can be a group or individual that has a contracts with another individual or organization to make a project or something specific.
 +
The contract agreement between the customer and the contractor can include everything from the responsability for the methods, means, execution and/or supervision to the supplying of all material, labor, equipment and/or services necessary. It includes the budget, the general and special conditions and the plans and specification of the project, service or supplies.
  
A general contractor is responsible for the means and methods to be used in the construction execution of the project in accordance with the contract documents. Said contract documents usually include the contract agreement including budget, the general and special conditions and the plans and specification of the project that are prepared by a design professional. A general contractor usually is responsible for the supplying of all material, labor, equipment, (engineering vehicles and tools) and services necessary for the construction of the project. To do this it is common for the general contractor to subcontract part of the work to other persons and companies that specialize in these types of work. These are called subcontractors.
+
To do this it is common for the general contractor to subcontract part of the work to other persons and companies that specialize in these types of work. These are called subcontractors.
  
 
== Risk Factors ==
 
== Risk Factors ==
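Review bot: In the new Description, the paragraph "To do this it is common for the general contractor to subcontract part of the work..." is kept while the preceding general-contractor paragraph it refers back to is removed, so "this" has no antecedent and "general contractor" is never introduced; keep a one-sentence definition or reword the paragraph so it stands alone. The added lines also still carry "a contracts" and "responsability".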
Line 11: Line 13:
  
 
== Examples ==
 
== Examples ==
TBD
+
Outsourced software developers are hired to write code to a specification provided by the procuring company. Their deliverable may include source code, but is sometimes only a compiled version of the application.
 +
 
 +
A malicious developer is one of the most difficult threats to deal with, as it is extremely difficult to identify malicious code. A talented attacker will make attacks look exactly like an inadvertent error for plausible deniability. In addition, malicious code may be obfuscated to prevent easy detection. Some techniques include spreading an attack throughout a software baseline, using inheritance and class loading tricks to hide calls, and even formatting tricks.
 +
 
 +
An outsourced software developer may have no ties with the procuring company and may see an opportunity to steal information or money via a software attack.
 +
 
 +
Examples:
 +
* Java software developer
 +
* SQL developer
 +
* Mainframe developer
 +
 
 +
==Related [[Threat Agent|Threat Agents]]==
 +
 
 +
* [[Internal software developer]]
  
 
==Related [[Attacks]]==
 
==Related [[Attacks]]==
TBD
+
* [[Logic/time bomb]]
 +
* [[Backdoor attack]]
 +
* [[Salami attack]]
 +
 
  
 
==Related [[Vulnerabilities]]==
 
==Related [[Vulnerabilities]]==
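Review bot: The added "Examples:" list (Java software developer, SQL developer, Mainframe developer) sits under a heading already named Examples and names job roles without saying how any of them acts as a threat agent; fold each into a sentence tied to the outsourced-developer scenario above it, or drop the inner label. The sentence on deliverables that are "sometimes only a compiled version" would also be stronger if it said what that means for the procuring company's ability to review the code, since the next paragraph depends on it.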
Line 21: Line 39:
 
== References ==
 
== References ==
 
*[http://en.wikipedia.org/wiki/General_contractor Wikipedia]
 
*[http://en.wikipedia.org/wiki/General_contractor Wikipedia]
 +
 +
[[Category: Threat Agent]]

Latest revision as of 18:53, 7 April 2009



Description

A contractor is one who provides goods or services to customers. The contractor can be a group or an individual that has a contract with another individual or organization to carry out a project or a specific piece of work. The contract agreement between the customer and the contractor can include everything from the responsibility for the methods, means, execution and/or supervision to the supplying of all material, labor, equipment and/or services necessary. It includes the budget, the general and special conditions, and the plans and specification of the project, service or supplies.

It is common for a general contractor to subcontract part of the work to other persons and companies that specialize in that type of work. These are called subcontractors.

Risk Factors

TBD

Examples

Outsourced software developers are hired to write code to a specification provided by the procuring company. Their deliverable may include source code, but is sometimes only a compiled version of the application.

A malicious developer is one of the most difficult threats to deal with, as it is extremely difficult to identify malicious code. A talented attacker will make attacks look exactly like an inadvertent error for plausible deniability. In addition, malicious code may be obfuscated to prevent easy detection. Some techniques include spreading an attack throughout a software baseline, using inheritance and class loading tricks to hide calls, and even formatting tricks.

An outsourced software developer may have no ties with the procuring company and may see an opportunity to steal information or money via a software attack.

Examples:

  • Java software developer
  • SQL developer
  • Mainframe developer
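When the deliverable does include source, a procuring company can triage it for the hiding techniques named above before manual review. The sketch below is an added example, not OWASP's code; the rule names, regular expressions and the two sample Java files are assumptions constructed for illustration, and a hit marks a line to read, not proof of malice.

```python
import re

# Assumed review heuristics for this example; a hit means "open this line".
RULES = {
    "dynamic-class-loading": re.compile(
        r"\b(?:Class\.forName|defineClass|loadClass|URLClassLoader)\s*\("),
    "reflective-call": re.compile(r"\.(?:getDeclaredMethod|getMethod|invoke)\s*\("),
    # Formatting trick: a second statement pushed far off-screen by whitespace.
    "offscreen-code": re.compile(r"\S[ \t]{40,}\S"),
    # Zero-width and bidirectional control characters that alter how code displays.
    "invisible-or-bidi-char": re.compile(r"[\u200b-\u200f\u202a-\u202e\u2066-\u2069]"),
}

def review_source(path, text):
    """Return (path, line_number, rule) for every line a reviewer should open."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((path, number, rule))
    return findings

def review_delivery(files):
    """Review a whole delivery (mapping of path -> source text) in path order."""
    findings = []
    for path in sorted(files):
        findings.extend(review_source(path, files[path]))
    return findings

# Constructed sample deliverable (not real vendor code).
SAMPLE = {
    "Billing.java": (
        "public class Billing {\n"
        "    long total(long a, long b) {\n"
        "        return a + b;" + " " * 60 + "audit(a);\n"
        "    }\n"
        "}\n"
    ),
    "Plugins.java": (
        "public class Plugins {\n"
        "    Object load(String n) throws Exception {\n"
        "        Class<?> c = Class.forName(n);\n"
        "        return c.getMethod(\"run\").invoke(null);\n"
        "    }\n"
        "}\n"
    ),
}

if __name__ == "__main__":
    for finding in review_delivery(SAMPLE):
        print(*finding)
```
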

Related Threat Agents

  • Internal software developer

Related Attacks

  • Logic/time bomb
  • Backdoor attack
  • Salami attack

Related Vulnerabilities

TBD

References

  • Wikipedia: http://en.wikipedia.org/wiki/General_contractor