re: What are the worst security practices you've ever witnessed? VIEW POST


A very large hardware and cloud service re-seller was using unparameterized SQL statements with no other layers of sanitation. Demonstrated to the bosses how 'SELECT * FROM USERS' placed in the Username input field resulted in the table being dumped to the requester... The dump included plain text passwords, credit card numbers, and billing information.

The response to this near criminally flawed level of exposure? 'No one would ever do that. Here, work on this other thing instead.'... I put in my notice that next day.

Fast forward not 3 years and that organization was breached. They are to this day still trying to recover from the damages; both financially and reputation.

Some will say 'why didnt you stay and fix it?'. The organization did not allow engineers to fix things, it was very much a everything for the sale organization. Nothing mattered other than closing the sale. So everything suffered.

I have zero regrets, when I heard about the breach, I laughed, I smiled, I sighed. I felt bad for the team there. I know they got thrown under the bus.

code of conduct - report abuse