Difference between revisions of "Outsourced software developer"

From OWASP
 
(Description)
Line 5: Line 5:
 
Outsourced software developers are hired to write code to a specification provided by the procuring company. Their deliverable may include source code, but is sometimes only a compiled version of the application.
 
Outsourced software developers are hired to write code to a specification provided by the procuring company. Their deliverable may include source code, but is sometimes only a compiled version of the application.
  
A malicious developer is one of the most difficult threats to deal with, as it is extremely difficult to identify malicious code. A talented attacker will make attacks look exactly like an inadvertent error for plausible deniability. In addition, malicious code may be obfuscated to prevent easy detection. Some techniques include spreading an attack throughout a software baseline, using inheritance and class loading tricks to hide calles, and even formatting tricks.
+
A malicious developer is one of the most difficult threats to deal with, as it is extremely difficult to identify malicious code. A talented attacker will make attacks look exactly like an inadvertent error for plausible deniability. In addition, malicious code may be obfuscated to prevent easy detection. Some techniques include spreading an attack throughout a software baseline, using inheritance and class loading tricks to hide calls, and even formatting tricks.
  
 
An outsourced software developer may have no ties with the procuring company and may see an opportunity to steal information or money via a software attack.
 
An outsourced software developer may have no ties with the procuring company and may see an opportunity to steal information or money via a software attack.

Revision as of 13:25, 12 August 2006

This is a threat agent. To view all threat agents, please go to Threat Agent Category page.

Description

Outsourced software developers are hired to write code to a specification provided by the procuring company. Their deliverable may include source code, but is sometimes only a compiled version of the application.

A malicious developer is one of the most difficult threats to deal with, as it is extremely difficult to identify malicious code. A talented attacker will make attacks look exactly like an inadvertent error for plausible deniability. In addition, malicious code may be obfuscated to prevent easy detection. Some techniques include spreading an attack throughout a software baseline, using inheritance and class loading tricks to hide calls, and even formatting tricks.

An outsourced software developer may have no ties with the procuring company and may see an opportunity to steal information or money via a software attack.
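A code reviewer can check delivered source mechanically for the "formatting tricks" mentioned above. The following is an added example, not part of the original OWASP page: it assumes the tricks take the form of code pushed off-screen by whitespace or of invisible Unicode control characters, and the names `scan_source`, `HIDDEN_CHARS`, the 40-blank run and the 160-column width are illustrative choices.

```python
import re
import unicodedata

# Characters that change how source renders without being visible (assumed list).
HIDDEN_CHARS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # bidi embeddings/overrides
    "\u2066", "\u2067", "\u2068", "\u2069",            # bidi isolates
    "\u200b", "\u200c", "\u200d", "\ufeff",            # zero-width characters
}
# A statement that follows a long run of blanks sits past the edge of most viewers.
PUSHED_RIGHT = re.compile(r"\S[ \t]{40,}\S")
MAX_VISIBLE_COLUMN = 160  # assumed width of the review tool


def scan_source(text):
    """Return (line_number, finding) tuples for one source file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Invisible characters: report each distinct one by its Unicode name.
        for ch in sorted(set(line) & HIDDEN_CHARS):
            name = unicodedata.name(ch, "U+%04X" % ord(ch))
            findings.append((lineno, "hidden character: " + name))
        # Two statements separated by a wide gap on the same line.
        if PUSHED_RIGHT.search(line):
            findings.append((lineno, "code after long whitespace run"))
        # Any visible content beyond the assumed viewer width.
        if len(line.expandtabs(4).rstrip()) > MAX_VISIBLE_COLUMN:
            findings.append(
                (lineno, "line extends past column %d" % MAX_VISIBLE_COLUMN))
    return findings


# Constructed sample input, not taken from any real code base.
SAMPLE = (
    "int total = sum(items);\n"
    "audit(user);" + " " * 200 + "hiddenCall();\n"
    "String role = \"user\u202e\";\n"
)

if __name__ == "__main__":
    for lineno, finding in scan_source(SAMPLE):
        print("line %d: %s" % (lineno, finding))
```

A hit is a prompt for manual review rather than proof of intent, since the same patterns also arise from editor accidents.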

Examples

  • Java software developer
  • SQL developer
  • Mainframe developer

Related Threats

Related Attacks