I'm seeing people defending clearly-injectable code and I'm just stunned.

And this person in particular is supposed to be responsible (at least partially) for finding security flaws.

I don't know what to say.

  • 32
    "I am pretty sure we do this all over the place"

    That isn't helping my sanity, Mike!
  • 13
    Since I got my apprenticeship, I got to see some of the code written for enterprise use by some other companies before we took it over and started to maintain and rewrite it.

    By that I have come to the conclusion, from seeing some of the retarded shit written by some of these "smarty pants" developers apparently, that it does require its own kind of skills to write a certain kind of shit code.

    That should tell you even some people attending some fancy universities aren't able to use basic logic.
  • 5
    For fun, make a script that goes through payload all the things, and if it hits anything, emails the CTO with a big red X in the subject line.
  • 0
    You should inject it as a "toldja so"?
  • 1
    he's defending his job security

    oh wait...
  • 4
    Nah, it's not about security. It's just supporting dependency injection by design! :]
  • 1
    @Lensflare I know you're joking, but you can dependency inject without punching holes in your security.
  • 0
    I would just write tests that prove it's exploitable from outside and let them deal with the fallout.
  • 3
    @vorticalbox I made fun of them on slack in front of the dev and security teams. It got fixed. 😊
  • 0
    @Root works too lol