Q

Obfuscation tools and application security

Obfuscator tools are quite different from other application security tools. Expert Brad Arkin lays out the basics of code obfuscation.

I read your advice about fuzzing. What makes it different from obfuscators and other tools? Are obfuscators more effective than scanners?

A fuzzing tool or fuzzer is a software test tool used to probe for security vulnerabilities. An obfuscation tool is used to make source code more difficult to understand or complied binary code more difficult to decompile. Fuzzers and code obfuscators address very different elements of security and one tool should not be used in place of the other.

Code obfuscation can be helpful in situations where an application is likely to be reverse engineered. For example, attackers frequently use obfuscation techniques to make computer viruses and backdoor Trojan programs more difficult for security companies to understand and build defenses against. Obfuscation is also used to make Java applets and other applications that are downloaded to a potentially untrustworthy client more difficult to manipulate.

A fun example of manually obfuscated code is the International Obfuscated C Code Contest. (See www.ioccc.org for more.)

More information:
This was first published in October 2006

Dig deeper on Software Security Testing Tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSOA

TheServerSide

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

Close