When it comes to software development, security measures are often sidelined.

It would be no exaggeration to say that, to a large extent, our digital lives are governed by software applications. From the word processor in our office computers, to the ATMs that give us easy access to cash for our daily needs, to the social networking Web applications we use to interact with our friends, software applications have permeated our lives to a degree unimaginable before. Software development itself has matured from producing yesterday’s mammoth-sized applications, bearing millions of lines of code, to the slick, lightweight applications running on today’s smartphones. Similarly, software developers, who were once considered to be the geekiest of information technology (IT) professionals, churning out endless streams of 1s and 0s, are now in great demand, with hundreds of IT graduates vying to join their ranks every year. However, while the art of developing software has evolved from cumbersome text-based editors to today’s Integrated Development Environments (IDEs), certain source code-based risks remain similar to what they were in the early days of computing.
Security in source code:
Due to the exponential rise in the number of attacks on the application layer, software security has been one of the most talked-about topics in recent years. While the threat of external attacks on any application remains ever present, any IT professional can attest that the most dangerous threats always come from an insider – a person who has access to the organisation’s systems, and chooses to misuse this access for personal gain. In this regard, the possibility of programmers inserting malicious instructions into an application’s source code is one of the biggest information security threats an organisation can face. This threat is especially prevalent in today’s economic environment, where organisations frequently buy and install commercial, off-the-shelf applications, and outsource large parts of their software development processes to offshore locations in a bid to reduce their costs.
Backdoor entry:
Programmers often secretly insert snippets of code into their applications to play practical jokes on their colleagues, causing things such as unexpected smiley faces or hidden messages to suddenly appear on the screen. These are usually harmless pranks and are removed before the application is shipped off or deployed. However, there is always a possibility that a programmer secretly inserts backdoors or maintenance hooks into an application’s source code. These backdoors include hardcoded instructions that allow the programmers to bypass normal authentication login screens and give them full superuser or privileged access to a running system. Backdoors are usually hidden and do not appear in any system documentation; however, they are typically used for easy troubleshooting and administration purposes. Unfortunately, their potential for malicious use and the repercussions of said use should not be underestimated. There have been several cases of software companies being slapped with lawsuits as a result of backdoors in their applications. In many cases, even the company heads are kept in the dark about the presence of backdoors, which may have been inserted by a programmer without their knowledge.
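As an added illustration (not part of the original article), the following Python sketch shows one way a code reviewer could flag the hardcoded authentication bypass described above: it parses source code and reports comparisons of a credential-like variable against a string literal. The sample login routine, its account name and password, and the function names are all constructed for this example, and the check is a heuristic that will not catch every backdoor.

```python
import ast

# Constructed sample: a login routine containing a hardcoded maintenance bypass.
SAMPLE_SOURCE = '''
def check_password(user, password):
    return STORE.get(user) == hash_pw(password)

def login(user, password):
    if user == "maint" and password == "letmein-42":
        return "superuser"
    if check_password(user, password):
        return "user"
    return None
'''

# Substrings that mark an identifier as credential-related (assumed list).
SENSITIVE = ("user", "pass", "pwd", "token", "secret", "key")


def _names(node):
    """Yield variable and attribute names found anywhere under node."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Name):
            yield sub.id
        elif isinstance(sub, ast.Attribute):
            yield sub.attr


def find_hardcoded_credential_checks(source):
    """Return sorted (line, identifier, literal) tuples for ==/!= comparisons
    between a credential-like identifier and a non-empty string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        if not all(isinstance(op, (ast.Eq, ast.NotEq)) for op in node.ops):
            continue
        operands = [node.left, *node.comparators]
        literals = [o.value for o in operands
                    if isinstance(o, ast.Constant)
                    and isinstance(o.value, str) and o.value]
        idents = [name for o in operands if not isinstance(o, ast.Constant)
                  for name in _names(o)
                  if any(s in name.lower() for s in SENSITIVE)]
        findings.extend((node.lineno, i, lit) for lit in literals for i in idents)
    return sorted(findings)


if __name__ == "__main__":
    for line, ident, literal in find_hardcoded_credential_checks(SAMPLE_SOURCE):
        print(f"line {line}: '{ident}' compared to hardcoded string {literal!r}")
```

A finding is a prompt for human review rather than proof of a backdoor, since legitimate code sometimes compares usernames to fixed values such as role names.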