Secure Coding mailing list archives
SC-L Digest, Vol 6, Issue 56
From: ljknews at mac.com (ljknews)
Date: Sat, 20 Mar 2010 07:18:58 -0400
At 7:56 PM +0200 3/19/10, AK wrote:
It is way easier for attackers to reverse engineer desktop applications than web applications. Assuming proper server configuration, it is next to impossible for an attacker to get the server side source code or compressed form (e.g WARs) for a web application and proceed with disassembly/decompilation/patching.
Assuming proper _desktop_ configuration, the user does not have the ability to modify the programs they will execute, nor change the protections of objects on the system. http://nvd.nist.gov/fdcc/fdcc_faq.cfm Yes, physical access to a computer means ultimately it is possible to gain control, but the necessary measures to not constitute "easier", and given control of one test machine it is not at all trivial to transfer that to control of another machine, especially if the machines are not connected to a common network. -- Larry Kilgallen
Current thread:
- SC-L Digest, Vol 6, Issue 56 AK (Mar 19)
- SC-L Digest, Vol 6, Issue 56 ljknews (Mar 20)
- <Possible follow-ups>
- SC-L Digest, Vol 6, Issue 56 AK (Mar 19)