Penetration Testing mailing list archives
Proof of concept - Segregation of developers
From: WALI <hkhasgiwale () gmail com>
Date: Mon, 05 Mar 2007 21:58:18 +0400
Hi all... In order to make a case for logically and physically separating the developer/test environment from the production/live environment, I want to prove that a developer with malicious intent carries the risk of bringing about operational disruption if allowed unmonitored access to his own developed application code in production.
Conceptually, I am seeking to demonstrate an application with fraudulent backdoor access (port) left open by an application developer, which would seem to override all logical access controls flowing down from the Active Directory structure.
How can I demonstrate this proof of concept?