WebApp Sec
mailing list archives
Re: testing compiled php
From: Attila-Mihaly Balazs <abalazs () bitdefender com>
Date: Sat, 19 Aug 2006 19:14:00 +0300
I see two possible solutions. First maybe you can leverage your (and by
this I mean your company's) buying power to get the source code. Maybe
you can work out a plan with management (yeah, right :) ). Something
along the lines of: you find X vulnerabilities and then you (your company)
present the findings in a report which goes along the lines of: your code
is very insecure and if you want us to buy your product, sell it with
the source code (probably you have to sign some kind of agreement about
not redistributing the source code, but at least you can take a look at it).
Another way would be to separate it from your main server by using a
virtual machine, another chrooted instance of apache / mysql or
something like that. Back up that virtual server often and make the
access as restricted as possible. Make sure you write down the risks the
installation of this application creates and communicate them to
management, so when it blows up they can't point their fingers at you.
Hope this helps.