View third-party security code

I was asked to monitor the viewing of some third-party code (freeware C# SharePoint in this case) until it was included in the internal corporate network. The big problem is that the hidden code is hidden in the web part, which will steal data / send information back to the creator of the web part / etc. This causes a secondary problem, as this will cause performance problems.

We have the source code, and in this case there are less than 2000 lines of code, so it is not difficult for him to manually run all this and make sure that everything is in order. For more work, what approach is needed to audit the code to see how safe it is? We will need to do this for larger codebases in the future.

+3
4 answers

If you honestly believe that there is even a remote possibility of an evil backdoor, you should not use the code. This is a kind of corporate task that just baffles me. Even if it is free, it can never be worth the risk.

At the same time, code from an authoritative source is most likely safer than yours, because it is tested (I hope) through a wider and more diverse set of users. If the review is just to reassure control, and the code runs on a virtual machine, protect yourself with security features at runtime:

, . , : TCP , , IO, ... , , 100% .

, . , , . , , . , . , , .

+2

.

, , . , API - , , , , , , , .

- "", , , , , .

+1

, , , ? , , , , . , . # - Fortify. , - , , , , .

, . . , , . //, , . , - , , .

+1

Source: https://habr.com/ru/post/1732794/

