R159. Obfuscate code

Requirement

The source code must be obfuscated in production environments.

References

  1. BSIMM9 SE3.2: 13. Use code protection. To protect intellectual property and make exploit development harder, the organization erects barriers to reverse engineering its software.

  2. CAPEC-188: Reverse Engineering. An adversary discovers the structure, function, and composition of an object, resource, or system by using a variety of analysis techniques to effectively determine how the analyzed entity was constructed or operates.

  3. CWE-1269: Product Released in Non-Release Configuration. The product released to market is released in pre-production or manufacturing configuration.

  4. OWASP-ASVS v4.0.1 Appendix C: Internet of Things Verification Requirements. (C.18) Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging symbols).

  5. OWASP-ASVS v4.0.1 Appendix C: Internet of Things Verification Requirements. (C.34) Verify that microcontrollers are configured with code protection (if applicable).

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.
