• Home
• Topics
• Software Requirements Best Practices
• Building security into the SDLC (Software development life cycle)
• Obfuscation may prevent reverse engineering

Obfuscation may prevent reverse engineering

Requires Free Membership to View

Login



When you register, you'll receive targeted emails designed to keep you informed of the most relevant information on Agile development, application security, testing & QA, software requirements, and more.

Hannah Smalltree, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSoftwareQuality.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSoftwareQuality.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Languages like C and C++ are compiled down to machine code – the binary instructions passed in to the processor for execution. It is possible to reverse engineer these binaries into Assembly language which is slightly higher level than the machine code, but still fairly inscrutable. Platforms such as Java and .NET compile their source down into bytecodes that are fed to a virtual machine before being interpreted and actually executed by the processor. The drawback of this approach -- from a code security standpoint -- is that most platforms using this approach have fairly high-level bytecodes and often store a lot of metadata in the bytecode files. This makes it possible to reconstruct part or all of the original source code from the binary application via decompilation.

Obfuscation is a technique that is often used to protect application source code. Obfuscation is the practice of stripping out potentially revealing metadata, renaming useful class and variable names to meaningless labels and adding unused or meaningless code to an application binary in order to defeat reverse engineering.

There are a number of obfuscation tools available for NET. For example, Visual Studio .NET ships with the Dotfuscator Community Edition obfuscation tool to use as a starting point. It is important to understand that obfuscation is not a drop-in solution to code reverse engineering problems. Because of the object-oriented, late-binding nature of many .NET constructs, some .NET code requires that classes maintain their original names. Obfuscation will need to be tuned to the particular application where it is used to ensure that systems continue to behave properly.

• PreEmptive package helps make obfuscation part of the SDLC
• Learning Guide: Application security testing techniques has a section on obfuscation
• Obfuscation tools and security

Dig Deeper

This was first published in November 2006

More from Related TechTarget Sites

• SOA
• Java
• Windows Development
• Oracle
• Cloud computing
• Business Analytics

• SOA

  • Service virtualization arises to meet services testing obstacles

    Service virtualization allows teams to simulate services before they are truly available. That’s a plus for Agile development and integration testing.

  • App integration advisory: Use ESBs for message routing, translation

    Middleware experts advise that an ESB can help a SOA, but it can be harmful if used in the wrong cases.

  • How will mainframes fare in the face of mobile and Web?

    Heard at IBM Impact: Mainframes mean high-integrity transactions. How does this jibe with mobile apps using ''eventually consistent'' transactions?

• Java

  • FuseSource releases enterprise products at CamelOne 2012

    Here at CamelOne 2012, FuseSource is releasing two new products – Fuse ESB Enterprise 7.0 and Fuse MQ Enterprise 7.0.

  • Open source integration framework keeps motorists safe in the UK

    Automotive rescue and recovery services in the UK gained significant messaging advantages over the past few years. The new Automotive Network Services (ANS) system, built and maintained by Apex Networks, connects automotive clubs and insurance agencies with the mechanics, riggers, and first responders that provide emergency services to accidents and disabled vehicles.

  • Scaling up and scaling out to meet new business demands

    Scaling up and scaling out are two ways for growing businesses to increase productivity, but doing so blindly may be more costly than it's worth.

• Windows Development

  • Where can I find Visual Basic 6.0 DataEnvironment code samples?

    Get information on the best places to find Visual Basic DataEnvironment 6.0 code samples.

  • Testing methods in Visual Studio 2010

    This is the second part in a two part series on unit testing in Visual Studio 2010.

  • Unit testing in Visual Studio 2010

    Visual Studio 2010 contains a unit testing framework, and I’ll show you how to use it to automate your own unit tests.

• Oracle

  • Implementing a Hyperion system in 3 weeks -- it can be done

    An Oracle Hyperion system implementation in three weeks? Yes, it can be done. Communications firm Neustar implemented Hyperion in less than a month and gained efficiencies in the process.

  • Las Vegas expands its Oracle business intelligence horizons for better government transparency

    The city of Las Vegas underwent a three-year Oracle business intelligence project to bring more data to its employees and the public. The city's IT manager explains how it happened.

  • Midmarket companies find JD Edwards upgrades a good fit

    At some point, your JD Edwards shop will have to decide whether to switch to a different product, upgrade or stay where you are. Learn what two other organizations did when working through JD Edwards upgrades.

• Cloud computing

  • An open dialog on open source cloud

    Advocates of open source cloud may swear by its ‘no rules’ development environment, but a lack of in-house expertise may just have you swearing.

  • HP and Dell dominate server market but struggle in cloud

    HP and Dell are the largest hardware makers, but the two companies struggle to present strategies that portray them as serious cloud players.

  • Download the Private Cloud E-Zine

    Get exclusive access to this expert bi-monthly e-zine with essential resources for building your private cloud infrastructure.

• Business Analytics

  • To glean value from 'big data' projects, it may take more than Hadoop

    Organizations will have to push beyond storage requirements and basic business intelligence tools to exploit big data, according to a Gartner analyst.

  • On the go the way to go? Answer lies with building mobile BI business case

    According to a recent Gartner survey, mobile technology is the second most important priority for CIOs in 2012, but building the business case is easier said than done.

  • Basic vs. complex: Companies walk the line on analytics best practices

    Businesses looking to build effective business intelligence and analytics programs have to toe the line between focusing on the basics and using new technology to build more complex BI systems.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map