by sebcat 4011 days ago
Anecdotally, I've recently come across XSS in search fields and SQL injections in login forms.

One could argue that because of reputation and market share, Matasano gets customers who prioritize security, making such vulnerabilities less occurring for Matasano customers.

Your points are valid.

Even if secure development practices exist, there's a lot of software in production being run by companies and government agencies with a very poor understanding of these practices. It may also be that these entities have very good security departments, but these departments are very limited in what they can improve internally because of a lack of resources or policies.

There's a lot of companies out there who outsource a lot of stuff to people who don't know how to write secure code. Like White Hat (Error138): https://github.com/WhiteHatSecurity/Aviator/blob/e2d03093b94...

There's a lot of different angles to it.