Testing a Legacy Application for Vulnerabilities with DerScanner Binary Analysis
Hi everyone, Dan Chernov from DerScanner here. Today, I want to talk about the challenges of dealing with legacy applications and the importance of ensuring their security. Legacy applications, often written by developers who are no longer with the company, can pose significant security risks, especially when the source code is no longer accessible. However, this doesn't mean that the company can simply stop using these applications. Ensuring their safety is crucial, and that's where DerScanner comes in.
Imagine you're in charge of information security at your company. The company relies on an application written by a developer named George, but you have no idea who George is, and you no longer have access to the source code of his application. Despite these challenges, the company must continue using the application for the foreseeable future, and you need to ensure its security.
DerScanner offers a solution for this type of problem. It can analyze executable files of applications written in various languages, including C, C++, and Java, as well as applications developed for mobile platforms like iOS and Android. Here's how it works:
The initial results, such as the total security score and vulnerability charts, provide a high-level overview of the application's security status. However, this information alone may not be enough to take action. That's where the detailed results come in.
DerScanner is capable of reconstructing the source code from the executable files you provide for analysis. This allows you to pinpoint the exact location of vulnerabilities in the reconstructed code, even if you no longer have access to the original source. This detailed information is invaluable for understanding the security issues within the application.
You might be thinking that while this information is useful, it may not be particularly helpful if you can't make changes to the source code. Fortunately, DerScanner has a solution for this scenario as well. For every vulnerability encountered during the scan, DerScanner provides a Web Application Firewall (WAF) Configuration Guide.
Even if you can't modify the source code, you can still use other protection measures to keep the vulnerabilities from being exploited. DerScanner supports solutions by F5, ModSecurity, and Imperva, offering detailed step-by-step guides on how to configure these WAFs to prevent vulnerabilities from causing trouble.
Dealing with legacy applications can be challenging, especially when the source code is no longer accessible. However, ensuring their security is crucial for the safety of your company's information. DerScanner provides a comprehensive solution for analyzing and securing legacy applications, offering detailed results and actionable steps to mitigate vulnerabilities. Stay safe and secure your legacy applications with DerScanner.