From: WALI (hkhasgiwale@gmail.com)
Date: Mon Mar 05 2007 - 12:58:18 EST
Hi all...
In order to make a case for logically and physically separating
developer/test environment with production/live environment, I want to
prove that a developer with a malicious intent, carries the risk of
bringing about operational disruption if allowed unmonitored access to his
own developed application code in the production.
Conceptually, I am seeking to demonstrate an application with fraudulent
backdoor access (port) left open by an application developer, which would
seem to override all logical access controls flowing down by Active
directory structure.
How can I demonstrate this proof of concept?
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:38 EDT