Anti-Subversion Software

Software subversion is the process of making software perform unintended actions either by tampering with program code or by altering behavior in another fashion. For example, code tampering could be used to change program code to load malicious rules or heuristics, SQL injection is a form of subversion for the purpose of data corruption or theft^[1] and buffer overflows^[2] are a form of subversion for the purpose of unauthorised access. These attacks are examples of computer hacking.

Anti-Subversion Software detects subversion and attempts to stop the effects of the hack. Software applications are vulnerable to the effects of subversion throughout their lifecycle from development to deployment, but particularly in operation and maintenance.^[3]

Anti-subversion protection can be accomplished in both a static and dynamic manner:

• Static anti-subversion is performed during the construction of the code. The code is statically tested and verified against various attack types by examining the program source code. Examples of static anti-subversion include security auditing, code verification, and fuzzing. Static anti-subversion is generally seen as a good coding practice, and is deemed necessary in some compliance regimes. However, static solutions cannot prevent all types of subversion attacks.
• Dynamic anti-subversion is performed during code execution. The code is dynamically protected against subversion by continuously checking for unintended program behaviours. Examples of dynamic anti-subversion include application firewalls, security wrappers, and protection embedded in the software.^[4]

Software applications running on desktops, corporate servers, mobile devices and embedded devices are all at risk from subversion.^[5]

References