Home > Ask the Software Quality Experts > Application Security Questions & Answers > Obfuscation tools and application security
Ask The Software Quality Expert: Questions & Answers
EMAIL THIS

Obfuscation tools and application security

Brad Arkin EXPERT RESPONSE FROM: Brad Arkin

Pose a Question
Other Software Quality Categories
Meet all Software Quality Experts
Become an Expert for this site


Software quality news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 17 October 2006
I read your advice about fuzzing. What makes it different from obfuscators and other tools? Are obfuscators more effective than scanners?

>
EXPERT RESPONSE

A fuzzing tool or fuzzer is a software test tool used to probe for security vulnerabilities. An obfuscation tool is used to make source code more difficult to understand or complied binary code more difficult to decompile. Fuzzers and code obfuscators address very different elements of security and one tool should not be used in place of the other.

Code obfuscation can be helpful in situations where an application is likely to be reverse engineered. For example, attackers frequently use obfuscation techniques to make computer viruses and backdoor Trojan programs more difficult for security companies to understand and build defenses against. Obfuscation is also used to make Java applets and other applications that are downloaded to a potentially untrustworthy client more difficult to manipulate.

A fun example of manually obfuscated code is the International Obfuscated C Code Contest. (See www.ioccc.org for more.)

More information:


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Application Security
PCI DSS compliance: WAF, code review or both?
Application security careers have bright future
How to prevent anti-DNS pinning attacks
Open source application security testing tools
Java application security features and measures
Web application security testing basics
Password recovery with .NET 2.O using C#
Free load and performance testing tools
The most effective time to do security testing
Finding backdoor threats within applications

Software security testing tools
Static analysis tool helps software engineers find bugs during builds
Web security: Web services an overlooked entry point for attacks
Automated security tool finds flaws in enterprise apps
Parasoft enhances its Application Security Solution
Web application security and the PCI DSS
PCI DSS compliance: Code review
PCI compliance help via Fortify software
Homeland Security-backed effort shows defects drop in open source software
Cenzic Web application security tool targets CSRF attacks
Ruby on Rails security audit service available

Web application security tools and services
Static analysis tool helps software engineers find bugs during builds
Automated security tool finds flaws in enterprise apps
Parasoft enhances its Application Security Solution
Cenzic Web application security tool targets CSRF attacks
Ruby on Rails security audit service available
Secure software measures: Their strengths and limitations
HP software security suite treats vulnerabilities as defects
Dynamic analysis tool from Coverity looks at concurrency defects
Veracode provides security audits for externally sourced code
Enhanced application protection in Dotfuscator Professional 4.3

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts