Security issues broadly can be boiled down into 2 categories:
- Seriously mindblowing 0 days no one even considered that shock and amaze you with the hacker's thinking
- Developers that took shortcuts to meet some kind of deadline
@insiderphd
Can I offer a third? Developers doing dumb things to get around 2005 ideas that it's all about perimeter security.
@Reikagal I would kinda say that's a subset of 2, I think devs want to write good, secure code, but they _have_ to get x feature done in y sprint or they'll get bollocked, so they're like "oh if I just turn off CSRF protection I don't get that pesky CSRF error anymore and I can move on to the next bug"