|
|
|
|
|
|
by viccis
38 days ago
|
|
|
These kind of things (internal tools created out of band of normal engineering practices by non-engineers) were amazing back when I did pentesting because the security was always the last consideration. That got harder when SaaS became preferable to rolling your own stuff for everything. Guess things are gonna get fun again for red teams lol |
|
|
The danger is not however that only that people write their own tools for calculations and capacity planning etc.
The danger is people make useful stuff that is very fine as long it is just an internal tool, but then someone add credentials to other systems so it can access and maybe even update stuff and it gets exposed to third parties etc and all of a sudden we have a major data breach going on.