Which of the following would an information security ma…

A third party was engaged to develop a business application. Which of the following would an information
security manager BEST test for the existence of back doors?

A. System monitoring for traffic on network ports

B. Security code reviews for the entire application

C. Reverse engineering the application binaries

D. Running the application from a high-privileged account on a test system

Explanation:

Security code reviews for the entire application are the best measure and will involve reviewing the entire source code to detect all instances of back doors. System monitoring for traffic on network ports would not be able to detect all instances of back doors, is time consuming, and would take a lot of effort. Reverse engineering the application binaries may not provide any definite clues. Back doors will not surface by running the application from high-privileged accounts, since back doors are usually hidden accounts in the application.


