
I'm a developer working on a POC for an internal web app (Python/SQL) which will handle sensitive employee information within our company. In going over the application with our security department to decide whether or not we want to use it, we went over the design and how sensitive data is encrypted and protected end to end, from where it is displayed to the user in the web app back to where it is encrypted in the database, so that even DBAs cannot access it.

At some point I was asked if we could use a tool to dynamically look at what is happening in memory to make sure there are no issues. I guess what they were getting at was how we account for buffer overflow attacks or memory leaks, but they were being very vague. We went over how this is all handled by the Python Memory Manager which was not a good enough answer. They were insistent that there was some sort of tool that we could purchase for this.

I don't have a background in memory forensics, but my basic understanding of how virtual memory is managed by the OS and assigned to processes makes me skeptical that something like that exists. Am I wrong on this, and even so, is this overkill? Because I feel like I am getting the runaround.

  • This is overkill. You can (and should) perform static and dynamic code reviews and there are tools to help with this. But that’s different from what your “security” people are asking for. – pm1391 Nov 30 '19 at 06:36
  • Thanks for the feedback. Yeah, that is kind of what I gathered. We already do static analysis and manual code reviews, but I've started researching some DAST tools to do dynamic reviews, which would definitely improve our dev workflow. Hopefully that satisfies our infosec guys. – bfoxofb Dec 02 '19 at 15:12
  • Sure, that's a good start. There are tools like Veracode that could help with this, and others. When I have created applications, I find performing penetration tests alongside the tester (and the tester asking questions) is most helpful. "Hey, I'm going to forge a token, how would the backend handle this?". Consider doing this with your security team... and it makes them be specific with their requests :) – pm1391 Dec 02 '19 at 16:45

0 Answers