It's understandable, because it was management that had asked me to pentest and the devs weren't really prepared. They already had a lot on their plate, as they were getting ready to go live.
They could've taken more time though, and ironed out the issues with the site. Maybe a week extra. Would've saved them all the trouble.
I understand the balance act from the business side, as I work in the real world for large company. But given what happened, it is a go to example of why you shouldn't ignore large and obvious security flaws for any length of time. In the context of the story. The company hired security testers. Found out there was a huge (and relatively simple) problem. Did not fix it and experienced a worse case scenario. Which doesn't help in the "not lose business" side of things. You point is very valid and those business decisions can be difficult at times. But in the context of the story shared it is a prime example of the wrong choice.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
It's incredible that you were asked to pentest the website, and then they ignored your findings! Insane.
It's understandable, because it was management that had asked me to pentest and the devs weren't really prepared. They already had a lot on their plate, as they were getting ready to go live.
They could've taken more time though, and ironed out the issues with the site. Maybe a week extra. Would've saved them all the trouble.
Yeah, but a security vulnerability on that scale should not be ignored no matter what. People just never seem to learn.
Sometimes people choose earlier launching to not lose the business.
I understand the balance act from the business side, as I work in the real world for large company. But given what happened, it is a go to example of why you shouldn't ignore large and obvious security flaws for any length of time. In the context of the story. The company hired security testers. Found out there was a huge (and relatively simple) problem. Did not fix it and experienced a worse case scenario. Which doesn't help in the "not lose business" side of things. You point is very valid and those business decisions can be difficult at times. But in the context of the story shared it is a prime example of the wrong choice.