376 – Security controls bypass or absence - Reversing Protection
Description
The application lacks anti-reverse engineering protections, or the ones it has are weak enough that sophisticated reverse engineering tools and techniques could bypass them.
Impact
- Reveal cryptographic constants and ciphers.
- Steal intellectual property.
- Perform attacks against back end systems.
Recommendation
- Encrypt the executable version of the software.
- Use additional protection against reverse engineering, such as a combination of obfuscation techniques.
- Extend the same protection to software or firmware upgrades.
- Select automated anti-reversing techniques based on which ones provide the best fit for business security goals, performance requirements, and cost sensitivity.
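As an added example (not part of the original page or of any tool it describes), a release-pipeline check can scan the team's own build artifact for well-known cryptographic tables that remain visible in plaintext, which is the "reveal cryptographic constants and ciphers" impact listed above. The function names, signature labels and sample byte strings are constructed for illustration.

```python
from __future__ import annotations
import struct

# Public constants of common primitives. Finding them in a shipped artifact
# tells an analyst which cipher or hash is used and where its code lives.
_SHA256_K = (0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5)
SIGNATURES = {
    "AES S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
    "SHA-256 K (big-endian)": struct.pack(">4I", *_SHA256_K),
    "SHA-256 K (little-endian)": struct.pack("<4I", *_SHA256_K),
}

def scan_artifact(data: bytes) -> list[tuple[str, int]]:
    """Return (signature name, offset) for every plaintext constant found."""
    findings = []
    for name, pattern in SIGNATURES.items():
        offset = data.find(pattern)
        while offset != -1:
            findings.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(findings, key=lambda item: item[1])

def release_gate(data: bytes) -> bool:
    """True when no known constant is visible in the artifact as shipped."""
    return not scan_artifact(data)

# Constructed sample: a fake image with two tables left in the clear.
CONSTRUCTED_UNPROTECTED = (
    b"\x7fELF" + bytes(60)
    + SIGNATURES["AES S-box"] + b"pad"
    + SIGNATURES["SHA-256 K (little-endian)"]
)
# Constructed stand-in for an encrypted build: a single-byte XOR only hides
# the bytes for this demo and is not a protection scheme to deploy.
CONSTRUCTED_PROTECTED = bytes(b ^ 0x5A for b in CONSTRUCTED_UNPROTECTED)

if __name__ == "__main__":
    for label, blob in (("unprotected", CONSTRUCTED_UNPROTECTED),
                        ("protected", CONSTRUCTED_PROTECTED)):
        print(label, "pass" if release_gate(blob) else scan_artifact(blob))
```

A passing gate only shows that these specific tables are not stored in the clear; it does not prove the binary resists analysis, so it complements the protections recommended above and does not replace them.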
Threat
Anonymous attacker analyzing the final core binary to recover its source code, algorithms and embedded resources in order to execute dubious actions.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: P
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: X