A company used a partner company to develop critical components of an application. Several
employees of the partner company have been arrested for cybercrime activities. Which of the
following should be done to protect the interest of the company?
A.
Perform a penetration test against the application
B.
Conduct a source code review of the application
C.
Perform a baseline review of the application
D.
Scan the application with antivirus and anti-spyware products.
If the company is a partner company then a source code review would be possible so I think the answer is B.
2
0
Penetration testing evaluates an organization’s ability to protect its networks, applications, computers and users from attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets.
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities.
The standard configuration on a server is known as the baseline.
The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline.
A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).
This is an ambiguous question. All 4 options are good attempts. They all help. Frankly, my first pick is B. After reading the question 3 times, and I would assume the company does not have the source code handy (its partner company has it). It is why the author picks the answer A.
1
1
The answer is “Conduct a source code review of the application.”
If a partner company is guilty of cybercrime activities, then their components cannot be trusted, and malicious intent could be directed toward the company itself, toward its customers, or (through zombie systems) as a platform for other malicious activities.
A baseline review is a good idea, but won’t show malicious code. Likewise, a penetration test might reveal vulnerabilities in the application itself, but will not reveal the kinds of issues which are the potential threat coming from inside the application. Scanning the application with anti-virus and anti-spyware might find malicious code, but anything in there that shouldn’t be is likely to be a zero-day threat, not something a signature-based scan would find.
The only thing that will find what nasty things might be in there would be a source code review, so that has to be the answer.
Hopefully the company has also maintained change management and revision control, because every system exposed to that company is at risk as well.
3
0
I agree with source code review. Assuming that the partners did input backdoor into the code, a penetration test is one where you attack known vulnerabilities. Unless the malicious partners tell you what the vulnerabilities are, you are shooting in the dark. You might get lucky and ID a vulnerability but odds are against you.
Source code review means that the coders relook then entire code. Again, assuming the partners hid malicious code, only a thorough vetting of the code is likely to find the problems. Clearly, this depends upon having the code and having the expertise to recognize bad code. Still the best answer.
3
0
I chose
B
1
0
Very ambiguous question indeed. I agree with B.
The answer was given as “A-Perform a penetration test against the application.” This would show any vulnerabilities, but will fall short of proving whether or not the “partner company” has committed any cybercrimes against the “partner”
Performing “B-Conduct a source code review of the application” will show whether the code was (1) modified, (2) tampered with or (3) coded in such a way to allow such illicit activities.
1
0