WebApp Sec mailing list archives

Re: testing compiled php


From: Attila-Mihaly Balazs <abalazs () bitdefender com>
Date: Sat, 19 Aug 2006 19:14:00 +0300

I see two possible solutions. First, maybe you can leverage your (and by this I mean your company's) buying power to get the source code. Maybe you can work out a plan with management (yeah, right :) ). Something along the lines of: you find X vulnerabilities and then you (your company) present the findings in a report which goes along the lines of: your code is very insecure and if you want us to buy your product, sell it with the source code (probably you have to sign some kind of agreement about not redistributing the source code, but at least you can take a look at it).

Another way would be to separate it from your main server by using a virtual machine, another chrooted instance of apache / mysql or something like that. Back up that virtual server often and make the access as restricted as possible. Make sure you write down the risks the installation of this application creates and communicate them to management, so when it blows up they can't point their fingers at you.

Hope this helps.

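The isolation step described above (a separate chrooted instance with access kept as restricted as possible, backed up often), as an added POSIX shell example that is not code from the original message or from the list. It assumes a placeholder jail path chosen by the caller, a Linux host with ldd to resolve the binary's shared libraries, and a constructed service account uid/gid of 33; entering the jail with chroot(8) still requires root and is left to the operator.

```shell
#!/bin/sh
# Added example, not code from the original message: build a minimal chroot
# jail for a binary-only web application, lock down its permissions, and take
# a snapshot so the instance can be rolled back after an incident.
# Assumptions (placeholders): the caller picks the jail path; a Linux host
# with ldd is needed to resolve shared libraries. Running chroot(8) itself
# still requires root and is left to the operator.
set -eu

# Lay out the jail: nothing world-writable except a sticky /tmp, and the
# application tree readable by owner and group only.
make_jail_skeleton() {
    jail="$1"
    for d in bin lib lib64 etc tmp var/www var/log; do
        mkdir -p "$jail/$d"
    done
    chmod 755 "$jail" "$jail/bin" "$jail/lib" "$jail/lib64" "$jail/etc" \
              "$jail/var" "$jail/var/log"
    chmod 750 "$jail/var/www"      # app code: no world read, no world write
    chmod 1777 "$jail/tmp"         # sticky tmp, like a normal system
    # Minimal passwd/group so the jailed daemon can resolve its own uid/gid.
    # uid/gid 33 is a constructed placeholder for the service account.
    printf 'www:x:33:33:www:/var/www:/bin/false\n' > "$jail/etc/passwd"
    printf 'www:x:33:\n' > "$jail/etc/group"
    chmod 644 "$jail/etc/passwd" "$jail/etc/group"
}

# Copy one binary plus the shared libraries ldd reports into the jail,
# preserving the library paths so the dynamic loader finds them inside.
copy_with_deps() {
    jail="$1"; bin="$2"
    cp "$bin" "$jail/bin/$(basename "$bin")"
    if command -v ldd >/dev/null 2>&1; then
        for lib in $(ldd "$bin" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'); do
            mkdir -p "$jail$(dirname "$lib")"
            cp "$lib" "$jail$lib"
        done
    fi
}

# Return 1 if any regular file inside the jail is world-writable, else 0.
check_no_world_writable_files() {
    if find "$1" -type f -perm -002 | grep -q .; then
        return 1
    fi
    return 0
}

# Snapshot the whole jail into a tar archive; schedule this from cron so a
# compromised instance can be restored to a known state.
snapshot_jail() {
    jail="$1"; dest="$2"
    tar -C "$(dirname "$jail")" -cf "$dest" "$(basename "$jail")"
}

# Usage: sh jail.sh build /srv/jails/phpapp /usr/sbin/httpd /backups/phpapp.tar
# (paths are placeholders)
if [ "${1:-}" = "build" ]; then
    make_jail_skeleton "$2"
    copy_with_deps "$2" "$3"
    check_no_world_writable_files "$2"
    snapshot_jail "$2" "$4"
fi
```

The skeleton deliberately contains only what the daemon needs to start; database access from inside the jail goes over a network socket to the separate mysql instance rather than through shared files, which keeps the file permission check meaningful.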



