Having recently gone through an external security assessment, this article is really on target. Especially worth reading are the "top 4" threats at the bottom of the article, which I'll extract out here:
- A developer is going to leave an AWS credential somewhere an attacker can find it.
- An employee password is going to get credential-stuffed into an admin interface.
- A developer is going to forget how to parameterize an ORDER BY clause and introduce an SQLI vulnerability.
- A developer is going to set up a wiki or a Jenkins server on an EC2 instance with a routable IP and an open security group.
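The ORDER BY item deserves a concrete illustration, because it is the one threat on that list that comes from a genuine limitation rather than carelessness: bind parameters carry values, and a sort column is an identifier, so `ORDER BY ?` silently does nothing and developers fall back to string concatenation. The snippet below is an added example (not from the linked article or the comment above) using Python's built-in sqlite3 with a constructed three-row table; it shows the three variants side by side, with an allowlist as the hardened form.

```python
import sqlite3

# Constructed sample rows, deliberately inserted out of name order.
ROWS = [(1, "carol", 30), (2, "alice", 25), (3, "bob", 35)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, age INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn

def order_by_bound_param(conn, column):
    # Naive attempt: bind the column name like any other value. The driver
    # passes it as a string constant, so this is effectively ORDER BY 'name',
    # a constant expression, and no real sorting happens.
    cur = conn.execute("SELECT name FROM users ORDER BY ?", (column,))
    return [r[0] for r in cur]

def order_by_concat(conn, column):
    # What developers do once the bound parameter "doesn't work": splice the
    # text into the statement. Sorting works, but whatever the caller sends
    # now reaches the SQL parser unchanged. This is the SQLi the comment means.
    cur = conn.execute(f"SELECT name FROM users ORDER BY {column}")
    return [r[0] for r in cur]

# Hardened form: the sort column can only ever be one of these identifiers.
ALLOWED_SORT_COLUMNS = {"id", "name", "age"}

def order_by_allowlisted(conn, column, descending=False):
    # Map untrusted input onto identifiers you control; anything else is an
    # error, not a query. Direction is likewise a fixed choice, never raw text.
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    direction = "DESC" if descending else "ASC"
    cur = conn.execute(f"SELECT name FROM users ORDER BY {column} {direction}")
    return [r[0] for r in cur]
```

The same allowlist pattern applies to any identifier-position input (table names, column lists, LIMIT/OFFSET in some drivers), which is where code-review checklists should look for leftover string formatting.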