Ask the Expert

Obfuscation tools and application security

I read your advice about fuzzing. What makes it different from obfuscators and other tools? Are obfuscators more effective than scanners?

    Requires Free Membership to View

A fuzzing tool or fuzzer is a software test tool used to probe for security vulnerabilities. An obfuscation tool is used to make source code more difficult to understand or complied binary code more difficult to decompile. Fuzzers and code obfuscators address very different elements of security and one tool should not be used in place of the other.

Code obfuscation can be helpful in situations where an application is likely to be reverse engineered. For example, attackers frequently use obfuscation techniques to make computer viruses and backdoor Trojan programs more difficult for security companies to understand and build defenses against. Obfuscation is also used to make Java applets and other applications that are downloaded to a potentially untrustworthy client more difficult to manipulate.

A fun example of manually obfuscated code is the International Obfuscated C Code Contest. (See www.ioccc.org for more.)

More information:

This was first published in October 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: