by Stuckinsofa
2651 days ago
Sorry, but this type of issue often occurs because developers have your mindset. I've had so many auditors and security reviewers ask me "how do you hash your password?" but no one has asked me if I log HTTP requests, session tokens, outbound emails or any other thing where sensitive data can be transmitted. Nor have they asked me what the actual process is for rotating credentials when employees leave, more than "Do you do it?"