• 2 Posts
  • 5 Comments
Joined 2 years ago
cake
Cake day: June 9th, 2023

help-circle
  • I know you’re be facetious here and I’m ignorant to actual application security methodology. I do have to ask though, when you are looking for something in code that could be a security risk, isn’t it possible to look for methods or functions used to lookup DNS, outbound network calls, or even libraries used to obfuscate code? It seems to me that most programmers wouldn’t go through lengths to obfuscate their code and would want it to be readable/maintainable, so doing so would be a red flag.

    Obviously no one is going to search for “evil spyware” when auditing code. Your point stands it is not as simple as that.