Hosted by: Claudia Dent, Senior VP of Product Marketing, Ounce Labs
Guests: Bruce Mayhew, Director, Adv. Security Research Group, Ounce Labs
Length: 9:51
Filesize: 4.6 MB
Abstract
Preventing and detecting malicious code is crucial to maintaining application security, functionality and data. By definition, malicious code must interact with a critical application asset and must include a triggering event. This podcast defines the various kinds of malicious code and how to find and eliminate them at the source with static analysis.
Overview
Malicious code manifests itself in various ways, from a gag flight simulator hidden in an Excel program to the malfunction of an entire power grid. In order for development organizations to prioritize the detection of malicious code, they must first identify what their critical assets are (e.g. credit card data, trade secrets, inventory management, etc.). Once these assets are identified, to ensure application security the organization must understand how the application interacts with or can affect these resources.
Application security is key in this process, which must include segregation of duties between a security expert and an application domain expert. The software should be checked as it is being developed, and then the application should be profiled using static analysis during the software . After the assets are identified and profiled, the next step is to validate the usage of the assets. Static analysis provides direction to the code, but the logic must be validated by a human.
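The definition above (malicious code touches a critical asset and has a triggering event) can be turned into a simple static-analysis pass. The following is an added example written for this page, not Ounce Labs' product or the podcast's own code; the asset function names, the trigger sources and the sample source text are all constructed assumptions.

```python
"""Toy static-analysis pass: flag an `if` whose condition reads a trigger
source (date, time, current user) and whose body calls a critical-asset
function. Findings still need human validation, as the text says."""
import ast

# Assumed names of asset-touching functions; in practice this list comes from
# the asset inventory the organization builds before scanning.
CRITICAL_ASSETS = {"read_card_numbers", "delete_inventory", "send_trade_secrets"}
# Assumed trigger sources: time/date lookups and user identity checks.
TRIGGER_CALLS = {"date.today", "datetime.now", "time.time", "getpass.getuser"}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _calls(node):
    """Yield dotted names of every call found under `node`."""
    for n in ast.walk(node):
        if isinstance(n, ast.Call) and _dotted(n.func):
            yield _dotted(n.func)


def find_suspect_blocks(source):
    """Return (function name, line) for each trigger-guarded asset access."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        for node in ast.walk(func):
            if not isinstance(node, ast.If):
                continue
            test_calls = set(_calls(node.test))
            body_calls = {c for stmt in node.body for c in _calls(stmt)}
            if test_calls & TRIGGER_CALLS and body_calls & CRITICAL_ASSETS:
                findings.append((func.name, node.lineno))
    return findings


# Constructed sample: one legitimate asset access, one date-triggered one.
SAMPLE = '''
from datetime import date
def nightly_report():
    rows = read_card_numbers()
    return len(rows)
def cleanup(user):
    if date.today().month == 12 and date.today().day == 24:
        delete_inventory()
    return True
'''

if __name__ == "__main__":
    print(find_suspect_blocks(SAMPLE))  # [('cleanup', 7)]
```

Only the date-guarded call is reported; the unconditional access in `nightly_report` is left for the asset-usage review the text describes.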
This podcast further describes why it is critical for organizations to identify and remedy instances of malicious code to ensure application security. It also includes important takeaways for managers and developers to use during the SDLC.