Security [SOLVED]: Is there a way to detect unwanted modifications in applications?

  • #36728

    Anonymous

    Question

    Let’s say somebody managed to access my application’s source code and injected his code, changed something, or used DvMap. Is it possible to detect this?

    EDIT: changed “modifications” to “unwanted modifications” in the title, since it’s obvious how to detect changes, especially if you are using VCS.

    #36729

    Anonymous

    Accepted Answer

    1. Use source control

    Every time you make a change to your application’s source code, commit / check it in to a source control service like Git, Mercurial or Team Foundation. If anyone changes your code, source control will inform you that you have changes that were not stored in source control – it will show you not only that the code was edited, but what the edits were (what was added, moved, deleted etc).

    2. Use checksums

    Every time you deploy your application to an .apk file, run a checksum on it and save the checksum value to a few locations with the version number. If you like, even write down the first and last 4 characters in the checksum for the version so that if anyone changes the checksum on your website etc. to match their hacked version, you will know. You can’t edit paper.

    3. If you have other contributors to your project, heavily document and review each other’s code

    This not only prevents bugs and silly mistakes being pushed to live / production builds, but it also stops anything getting past someone who notices an intentional flaw. In the event someone adds a back door, it will be noticed.

    4. Take basic security measures on your devices

    This is a basic yet overlooked part of security. Essentially, lock your computer when you aren’t using it. Use long and secure passwords, or a good password manager like LastPass or KeePass. Don’t hand your passwords out to anyone, at all. Don’t click on any suspicious links or open files that you don’t trust. You get the idea.

    Source: https://stackoverflow.com/questions/47882483/is-there-a-way-to-detect-unwanted-modifications-in-applications
    Author: Horkrine
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
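
The checksum step from the answer above, sketched in Python as an added example (not part of the original post or its author's code). It assumes SHA-256 and a JSON manifest; the file names, manifest format and function names are hypothetical.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large APKs are not loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def paper_note(checksum):
    """First and last 4 hex characters, short enough to write down by hand."""
    return checksum[:4] + "..." + checksum[-4:]

def record_release(manifest_path, version, apk_path):
    """Store version -> checksum in a JSON manifest (hypothetical format)."""
    manifest_path = Path(manifest_path)
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    manifest[version] = sha256_file(apk_path)
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest[version]

def verify_release(manifest_path, version, apk_path, note=None):
    """Return 'ok', 'modified', 'unknown-version' or 'manifest-tampered'."""
    manifest = json.loads(Path(manifest_path).read_text())
    expected = manifest.get(version)
    if expected is None:
        return "unknown-version"
    # The offline note catches a manifest edited to match a modified build.
    if note is not None and paper_note(expected) != note:
        return "manifest-tampered"
    actual = sha256_file(apk_path)
    return "ok" if hmac.compare_digest(actual, expected) else "modified"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        apk = Path(tmp, "app-release.apk")  # constructed stand-in for a real build
        apk.write_bytes(b"constructed sample build 1.0.0")
        manifest = Path(tmp, "checksums.json")
        note = paper_note(record_release(manifest, "1.0.0", apk))
        print(verify_release(manifest, "1.0.0", apk, note))
        apk.write_bytes(b"constructed sample build 1.0.0 + injected code")
        print(verify_release(manifest, "1.0.0", apk, note))
```

Passing the handwritten note to `verify_release` is what distinguishes a modified file from a manifest that was rewritten to match it; without the note, a rewritten manifest verifies cleanly.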
