Home page logo
/

pen-test logo Penetration Testing mailing list archives

Proof of concept - Segregation of developers
From: WALI <hkhasgiwale () gmail com>
Date: Mon, 05 Mar 2007 21:58:18 +0400

Hi all...

In order to make a case for logically and physically separating developer/test environment with production/live environment, I want to prove that a developer with a malicious intent, carries the risk of bringing about operational disruption if allowed unmonitored access to his own developed application code in the production.

Conceptually, I am seeking to demonstrate an application with fraudulent backdoor access (port) left open by an application developer, which would seem to override all logical access controls flowing down by Active directory structure.

How can I demonstrate this proof of concept?


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]