Scenario 4 – Hidden usage of API and resources

Malicious operations are hidden or prohibited API is called.

Root cause:

  • It is usually caused by lack of awareness or a bad intention
  • Some prohibited API can exist – e.g. application should not invoke threads, access files, perform malicious operations etc.
  • API and resources used by Java application are not explicitly enumerated, thus it is not easy to discover such issues
  • Source code of 3rd party library is not available, thus such one could not be inspected

⇒    As a result it is useful to have overview about API

⇒    It allows for monitoring and blocking of prohibited API usage

Leave a Reply

Your email address will not be published. Required fields are marked *