[ale] Freelance web-devs make insecure sites

Jim Kinney jim.kinney at gmail.com
Thu Jun 8 08:09:55 EDT 2017


Hah!

Sad but true.

Certain aspects of programming should be required to be
run/directed/managed by licensed professional engineers. Finance,
utilities, and medical are the top three for me that scream for real
professional programming. We don't let precocious high schoolers build
bridges just because they were really good with Lego blocks. Engineering of
physical things protects itself with professional standards. Engineering of
virtual things needs to do the same.

On Jun 8, 2017 7:44 AM, "Adrya Stembridge" <adrya.stembridge at gmail.com>
wrote:

> For $250 they got about what they paid for.
>
> On Thu, Jun 8, 2017 at 6:42 AM, DJ-Pfulio <DJPfulio at jdpfu.com> wrote:
>
>> Of the 17 commissioned projects by Tripwire (a security firm), 10
>> websites were completed and purchased.
>>
>> The researchers found that every website had critical security failures.
>> Read more here:
>>
>> https://www.helpnetsecurity.com/2017/06/08/website-security/
>>
>> * Unauthorized users allowed (all) - Check
>> * Allowed hackers to upload a PHP webshell (all) - Check
>> * Allowed auth bypass via SQL injection (several) - Check
>> * Allowed content modification via SQL injection (half) - Check
>>
>> Short, but interesting read.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>