NYPHP.org

[nycphp-talk] [OT] PHP IDS & Web Application Security

Mitch Pirtle mitch.pirtle at gmail.com
Tue Sep 25 11:51:46 EDT 2007


On 9/24/07, Ben Sgro (ProjectSkyLine) <ben at projectskyline.com> wrote:
>
> I recently finished a security audit and pen test for a client. I couldn't
> believe the problems they had. They found a developer off CL and with his
> impressive portfolio decided to work with him. Now my firm, 8 months later,
> is fixing all the developer's mistakes. They had cookie-based auth, file
> upload exploits, XSS, SQL injection, ... you name it we could do it. Anyways,
> it's just sad to see these types of moonlight coders calling themselves
> developers and doing an awful job at writing software and leaving their
> clients exposed.

You know what? As long as the market for geeks remains hot like it is
now, there will be these parasites making us all look bad. Unfortunate
but true, and I distinctly remember observing this last time around in
the late 90s. Once the bubble burst and the economy went into the
toilet, all these folks went back to whatever it was they were doing
before jumping on the web developer bandwagon in disguise.

-- Mitch


