Which of the following would an information security manager BEST test for the existence of back doors?

A third party was engaged to develop a business application. Which of the following would an
information security manager BEST test for the existence of back doors?

A. System monitoring for traffic on network ports

B. Security code reviews for the entire application

C. Reverse engineering the application binaries

D. Running the application from a high-privileged account on a test system

Explanation:

Security code reviews for the entire application are the best measure and involve reviewing the
entire source code to detect all instances of back doors. System monitoring for traffic on network
ports would not be able to detect all instances of back doors, is time consuming, and would
take a lot of effort. Reverse engineering the application binaries may not provide any definite
clues. Back doors will not surface by running the application on high-privileged accounts, since
back doors are usually hidden accounts in the applications.


