Proof of concept - Segregation of developers
- From: WALI <hkhasgiwale@xxxxxxxxx>
- Date: Mon, 05 Mar 2007 21:58:18 +0400
Hi all...
In order to make a case for logically and physically separating the developer/test environment from the production/live environment, I want to prove that a developer with malicious intent carries the risk of bringing about operational disruption if allowed unmonitored access to his own developed application code in production.
Conceptually, I am seeking to demonstrate an application with a fraudulent backdoor access (port) left open by an application developer, which would seem to override all logical access controls flowing down from the Active Directory structure.
How can I demonstrate this proof of concept?