bpblack

Masshole turned hill person.

Recent

bpblack brianpark's article
Nov 16, 2018 at 20:29
Pinkbike's Development Team Is Hiring
@canadaka: Ah, I'm being the stereotypical infosec jerk. I'm jaded, it's the end of the week, and I'm being a security scold based on a snippet. My bad. Appsec is hard, and scolding doesn't win over any devs, I know. Keep on validating that potentially user-controlled data.
bpblack brianpark's article
Nov 16, 2018 at 17:32
Pinkbike's Development Team Is Hiring
@JackSB: Right, but the problem there is that it assumes the DB itself isn't compromised. If there's SQLi elsewhere, there's no guarantee that data from the DB is safe.
bpblack brianpark's article
Nov 16, 2018 at 12:36
Pinkbike's Development Team Is Hiring
@JackSB: String-concatenated SQL queries instead of prepared statements. Yeah, probably not doing all the OWASP mitigations. Just because it works doesn't mean anything with regard to security. That's the mentality that has led to the absolute free-for-all of vulnerabilities in production software.