Jehad Hamed
Guest
We would like to sign the executables for the Windows webclient or prowc.exe. As per the vulnerability report from our security group:

Digitally signing executables and scripts confirms the software author and guarantees that the code has not been altered or corrupted since it was signed, by use of a cryptographic hash. Digital signatures ensure the authenticity and integrity of the entities.

Recommendation

The application executable and its components must be digitally signed by a trusted source. To verify the publisher and to validate the authenticity of an application binary, it must have a valid digital signature that roots to a trusted system certificate authority, which means it has to be signed with a digital certificate issued to the company to which this application belongs.

A valid and legitimate application binary should have the below-mentioned entries, which help in identifying the binary as a legitimate application belonging to the company that owns the application rights:

· File Name/Internal Name - Apart from the EXE name of the application binary, it will carry the actual file name with which this binary was compiled.
· File Version - The application binary should carry the proper version details for identifying its build and make properly.
· Company Name - The application binary should carry the company name of the application owner.
· Copyright Information - A valid application binary should have the copyright details of the company it belongs to. It may also deter the possibility of a reverse engineering activity, as decompilation tools or debuggers would throw up a Copyright Protection warning when they encounter these details in the binary.
· Company Signature - To verify the publisher and to validate the authenticity of an application binary.
· Legal Trademarks - This identifies the legality of the product and the association of the product with the registered company.
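One way to audit a binary against the entries the report lists, as an added example that is not part of the original post or of any vendor tooling. The function name `Test-BinaryProvenance`, the `-ExpectedPublisher` parameter and the path in the usage comment are hypothetical; the cmdlets and properties are standard Windows PowerShell.

```powershell
# Added example: checks the Authenticode signature and the version-resource
# fields named in the report. Names and sample values are assumptions.
function Test-BinaryProvenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Substring expected in the signer certificate subject (hypothetical)
        [string]$ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $vi   = $file.VersionInfo

    # Version-resource fields corresponding to the report's list
    $fields  = 'InternalName', 'OriginalFilename', 'FileVersion',
               'CompanyName', 'LegalCopyright', 'LegalTrademarks'
    $missing = @($fields | Where-Object { [string]::IsNullOrWhiteSpace($vi.$_) })

    # Status 'Valid' means the file hash matches the signature and the
    # signer's chain is trusted on this machine; anything else fails.
    $signatureOk = $sig.Status -eq 'Valid'

    $subject = $null
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    # Only enforce the publisher match when the caller supplied one
    $publisherOk = (-not $ExpectedPublisher) -or
                   ($subject -and $subject.Contains($ExpectedPublisher))

    [pscustomobject]@{
        Path            = $file.FullName
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        SignerSubject   = $subject
        Timestamped     = [bool]$sig.TimeStamperCertificate
        MissingFields   = $missing
        Compliant       = $signatureOk -and $publisherOk -and ($missing.Count -eq 0)
    }
}

# Usage (placeholder path and publisher):
# Test-BinaryProvenance -Path 'C:\path\to\prowc.exe' -ExpectedPublisher 'Example Corp'
```

The version-resource strings can be set to any value at build time, so treat them as identifying only when `SignatureStatus` is `Valid` for the same file.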