Static Code Analysis

5 replies
soldierw
Neophyte
Joined: 2013/09/02

Hey guys,

A friend of mine asked me to do some static code analysis on the source code (written in C) of a server that he's thinking of implementing. I'm checking the code for obvious backdoors. I had an initial glance at the code but quickly came to the conclusion that I don't really know exactly what I should be looking for.

After all, if I were to see a code segment like

void useful_function(char arga, int argb, ...)
{
    do_something_useful();

    connect_to_mothership_for_malicious_instructions();  /* the obvious red flag */
}

I'd certainly know to flag the malicious function, but a well-written backdoor will be anything but obvious. Anyone have any advice about how to scan for backdoors? I'm willing to sink some time into learning but I'm not really sure where I should start.

Thanks!
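A first-pass scanner of the kind the question asks about, as an added example that is not part of the original post and not the poster's server code. It blanks out comments and string literals (so a `socket()` mentioned in a comment is not reported), then flags calls on a watch list: process spawning, runtime code loading, outbound networking, and `strcmp` against a string literal (a common shape for a hard-coded maintenance password). The C snippet inside it is constructed; the watch list and the `scan` helper are assumptions about what a reviewer would want as a starting point, not a substitute for reading the code.

```python
import re

# Constructed sample C source, not the server code from the question.
SAMPLE = r'''
#include <stdio.h>
/* socket() mentioned in a comment should not be flagged */
static int check_auth(const char *user, const char *pw) {
    if (strcmp(pw, "s3cr3t-maint") == 0) return 1;   /* hard-coded credential */
    return db_check(user, pw);
}
void handle(int fd, char *cmd) {
    printf("msg: %s\n", "system(cmd) in a string");
    system(cmd);
    int s = socket(AF_INET, SOCK_STREAM, 0);
    connect(s, (struct sockaddr *)&peer, sizeof peer);
}
'''

# Calls that rarely belong in a server's request path without a written justification.
WATCH = {
    "system": "shell execution", "popen": "shell execution",
    "execve": "process spawn", "execl": "process spawn",
    "dlopen": "runtime code loading",
    "socket": "outbound socket", "connect": "outbound connection",
    "strcmp": "compare against a literal (possible backdoor password)",
}

def strip_comments_and_strings(src):
    """Blank out comments and string literals, keeping newlines so line numbers stay right."""
    pattern = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"', re.S)
    return pattern.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), src)

def scan(src):
    """Return (line number, callee, reason, original line) for each watched call found."""
    clean = strip_comments_and_strings(src)
    orig_lines = src.splitlines()
    hits = []
    for lineno, line in enumerate(clean.splitlines(), 1):
        for m in re.finditer(r'\b([A-Za-z_]\w*)\s*\(', line):
            name = m.group(1)
            if name not in WATCH:
                continue
            # strcmp is only interesting when one argument is a string literal in the source
            if name == "strcmp" and not re.search(r'strcmp\s*\([^;]*"', orig_lines[lineno - 1]):
                continue
            hits.append((lineno, name, WATCH[name], orig_lines[lineno - 1].strip()))
    return hits

if __name__ == "__main__":
    for lineno, name, reason, text in scan(SAMPLE):
        print(f"line {lineno}: {name} [{reason}]  {text}")
```

Every hit is a question to ask the author, not a verdict; the real value is in reviewing why each flagged call is reachable from untrusted input.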