Home page logo

basics logo Security Basics mailing list archives

Admin rights via backdoors
From: WALI <hkhasgiwale () gmail com>
Date: Fri, 09 Mar 2007 18:02:22 +0400

Hi Guys

I do understand the risks of seeing open ports on servers using nmap/nessus but need to demonstrate a concept to my managers, the need for segregating software developers and production environments, especially pertaining to an financial application being built in-house.

I maintain that getting admin rights into an application while bypassing logical access controls flowing down from Active directory or OS level is trivial for a programmer if he hard codes some backdoor entry ports replete with usernames and passwords. They disagree that if they have no AD rights granted on the resource (different AD domains / filers etc), there is no reason to physically isolate developers from production.

Is my contention conceptually correct? How can I demonstrate this with a dummy application?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]