People are afraid of new tools and don't understand how they benefit from the tools. They see tools as toys. In general, of course.
Personally, I'd do static analysis on SQL and some kind of behavior-driven testing because I have no idea how to apply TDD to SQL.
On a larger scale, run automated tests in your CI/CD pipeline (like Jenkins with JMeter). Explain to your team that large-scale security tests are done with automated tools; I mean finding SQL injection bugs and, in general, fuzzing.
On fuzzing, you can find quite a lot of tools and research papers. Google made nice progress on Chrome thanks to fuzzing.