Ecommerce Shopping Cart - Search Engine Marketing Software

Veracode Shines Spotlight on Software Backdoors as an Emerging Threat

Burlington, MA (PRWEB) December 17, 2007 -- Veracode Inc. (www.veracode.com), the leading provider of on-demand application security testing solutions, today announced comprehensive support for detecting backdoors and malicious code as part of Veracode's SecurityReview® solution for developers and purchasers of software. Based on research conducted by the Veracode security team, Veracode has added new scanning capabilities as well as deeper support for detection of backdoors and malicious code using Veracode's patented static binary analysis technology.

As the complexity of modern software applications increases, with components assembled from reusable binary components, backdoors can easily circumvent even the best of QA cycles, resulting in the need for a more complete and accurate approach to software security testing (www.veracode.com/solutions). Veracode's binary software testing, which provides 100% coverage as opposed to the partial coverage of today's source code-only analysis solutions, is uniquely positioned to tackle the backdoors and malicious code challenge by offering a complete, independent security verification of an entire software application.

To combat the risks backdoors pose to organizations, Veracode conducted extensive research and developed the first comprehensive taxonomy of backdoors so that organizations and application developers can better understand how to detect these hidden threats. In the course of the research, Veracode found that the average time to discovery of a backdoor inserted in open source software was measured in weeks. Backdoors in commercial "closed source" applications went undetected for years, putting company and individuals' personal data at risk.

In order to better protect Veracode customers from these often undetected threats, Veracode has augmented its SecurityReview application testing solution (www.veracode.com/solutions) to provide better detection of backdoors and malicious code, including: special credential backdoors, hidden functionality backdoors, rootkits, as well as unintended developer-introduced features that pose security risks. (See definitions below.)

"Backdoors and malicious code pose significant operational risk to enterprises and software that are just too significant to ignore," said Matt Moynahan, chief executive officer of Veracode. "Given the complexity of modern application development, the common practice of outsourcing and increasing use of third party libraries, it is nearly impossible for an enterprise to identify the pedigree and security level of the software running their business-critical applications and handling their customer's personally identifiable information. As a result, we expect backdoors and malicious code insertion to become an increasingly prevalent attack vector against the enterprise. Because the binary (compiled code) represents the actual attack surface for the hacker, testing the application binaries is the most accurate and complete way to conduct final, independent security validation and verification."

The Depository Trust & Clearing Corporation (DTTC), which provides custody and asset servicing for 2.8 million securities issues from the United States and 107 other countries and territories, valued at $36 trillion, understands that backdoors and malicious code pose unique threats to the enterprise. "Veracode offers a unique method for testing software that provides software providers with effective security controls to assess and manage the risk of malicious code," said James Routh, CISO of Depository Trust & Clearinghouse Corporation.

For more information on Veracode's software backdoor capabilities, please visit us at www.veracode.com or call us at 781-425-6040.

Multimedia

- Download the podcast (http://prwebpodcast.com/releases/pod576889.htm) to hear more from Veracode on backdoors

- Download a technical white paper (www.veracode.com/resources) to read about the taxonomy of backdoors

- Download a white paper (www.veracode.com/resources) that examines the risks associated with backdoors

Definitions

?    Special Credential Backdoors - These occur when an attacker inserts logic and special credentials into the program code. The special credentials are in the form of a username, password, password hash, or key which is usually hardcoded. Special credentials are also inserted by developers for the purpose of customer support or for debugging. These pose a similar risk since once they are discovered attackers can use them as a backdoor.

?    Hidden Functionality Backdoors - These allow the attacker to issue commands or authenticate without performing the designed authentication procedure. Hidden functionality backdoors often use special parameters to trigger logic within the program that is not intended. In web applications these are often invisible parameters for web requests (not to be confused with hidden fields). Other hidden functionality includes undocumented commands, hardcoded IP addresses and/or leftover debug code.

?    Rootkits - Rootkit behavior in an application can be a warning that a backdoor or other malicious code may be present. Typically rootkits subvert functions of the operating system and are used to hide the backdoor. This helps attackers subsequently access the system and avoid detection.

?    Unintended Network Activity - Unintended network activity is a common characteristic of backdoors. This may involve a number of techniques, including listening on undocumented ports, making outbound connections to establish a command and control channel, or leaking sensitive information over the network via SMTP, HTTP, UDP, ICMP, or other protocols. Occasionally this will be an intended feature of the software for use as a support mechanism but it can carry security and privacy risks and should be detected.

About Veracode

Veracode is the leading provider of on-demand application security testing solutions. Created by a world-class team of application security experts, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview uses patented binary code analysis and dynamic web analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.

As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode's SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.

Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. www.veracode.com

###

Shopping Cart Uses Top Google Keywords to Maximize Revenue
Ecommerce shopping cart hosting uses search engine marketing software to sell products online. Use top paying Google keywords and PPC campaigns to maximize revenue and boost your income stream. Get a merchant account for credit card processing and make money on the internet with merchandise sales.

MORE ARTICLES:

Xonca Ecommerce Shopping Cart Software Released
Ecommerce software company Arquan releases search engine friendly Xonca shopping cart software for web designers and SEO professionals.

Merchant Account Insider Secrets - Accept Credit Cards Online
The process of learning how to accept payments on the Internet is similar to the course of figuring out how to launch a business. What at first seems puzzling and intimidating may be viewed as straightforward and easy to understand if one has the right guide or manual.

Arquan Announces Ecommerce Shopping Cart Software For Web Designers and SEO Professionals
Arquan announces Xonca 3.0 ecommerce shopping cart software for web designers and SEO professionals who need complete design control, power, simplicity, and search engine friendly features. Xonca is also very easy to operate for the end user.

Comparison Shopping Search Engines Equal Big Profits for Online Merchants
Holiday shoppers are expected to spend $32 billion online this season, with purchases happening well past ground shipping cutoff dates. That's according to "Online Retail Holiday Forecast, 2006," a report from JupiterResearch.

Apply For A Credit Card Merchant Account Online
Who should? Why, you should, of course, if you want to grow your business and maximize sales volume! In this day and age, more and more business functions are moving into cyberspace, which means that business owners must be ready to travel to this relatively unknown domain if they want to maintain strong customer ties and stay a step or two ahead of the competition. Dont worry if youre not Web savvy; most online processes that are geared to the general consumer are not hard to perform. In fact, most are downright easy.

Accept Credit Cards Online Without a Merchant Account
There are two major ways to accept credit cards on your website. The first and most expensive is to have your own merchant account.

Internet Marketing - How to Make your Online Advertising Business Produce Money on Internet Marketing
The success or failure of your Internet marketing business depends largely on the Internet users. If they are interested on the products and services that you are offering for sale, definitely you can expect hundreds to thousands of dollars in revenues from your online business. On the other hand, if they are just too lazy to hear what you want to say and what you are offering, better shut down your personal computer unit and find some other ways of earning money.

Shopping Cart Software - Boost Your Online Sales
More and more people are going to the internet in order to find a means of making a living. There have been so many advances in the ways of the internet that have made making money easier for many people. This concept is actually relatively simple; on the internet there is an increased ability to reach many more customers than in person.

eCommerce Solution - Shopping Cart Software
Build Your Own Ecommerce Website Ecommerce has been the rage for the online community. Now over half of the world prefers to do shopping on Internet through various ecommerce stores. Every businessperson wants to build own an ecommerce website in order to get their business an impressive online presence and an ultimate global exposure. If you are also running a business and are looking for a perfect way out to reach the millions of customers from all over the world, there is no other way to do this than building an ecommerce website. However, if you are planning to build your own ecommerce website, you should not that it is not an easy task to do. You need to look into several factors. Let us go exploring. Professional Design W...

4 Reasons Why You Must Try PPC Search Engine Internet Marketing
PPC (or Pay Per Click for those not in the know) search engine internet marketing is a form of internet advertising model that uses the power of the search engine, the flexibility and connectivity of advertising networks and a whole host of content based people pulling websites to generate audience volume

Advertising Your Work From Home Internet Business With PPC Search Engines
If you want to make money online with a work from home business then you are going to need lots of good targeted traffic to your web site and or affiliate links. One way to get good targeted traffic is to pay for it.

Top eCommerce Software Blogger Linda Bustos Wins Search Engine Marketing Scholarship
Elastic Path Software Blog "Get Elastic" educates webmasters on analytics, search marketing and eCommerce best practices.

Pinnacle Cart Releases the Next Generation of Their Successful Shopping Cart Software  Pinnacle Cart 360
Pinnacle Cart announces the release of their latest ecommerce software solution, Pinnacle Cart 360. Designed from a marketing perspective, this tremendously successful shopping cart application is designed to increase website sales, average sales amount and organic traffic.

PPC Marketing, PPC Advertising, Pay Per Click, Internet Marketing
PPC Means ProsPerous Campaigns!