[nycphp-talk] [OT] PHP IDS & Web Application Security

inforequest 1j0lkq002 at sneakemail.com
Fri Sep 28 01:54:46 EDT 2007


Mitch Pirtle mitch.pirtle-at-gmail.com |nyphp dev/internal group use| 
wrote:

>On 9/24/07, Ben Sgro (ProjectSkyLine) <ben at projectskyline.com> wrote:
>
>>I recently finished a security audit and pen test for a client. I couldn't
>>believe the problems they had. They found a developer off CL and with his
>>impressive portfolio decided to work with him. Now my firm, 8 months later,
>>is fixing all the developer's mistakes. They had cookie-based auth, file
>>upload exploits, XSS, SQL injection, ... you name it we could do it.
>>Anyways, it's just sad to see these types of moonlight coders calling
>>themselves developers and doing an awful job at writing software and
>>leaving their clients exposed.
>
>You know what? As long as the market for geeks remains hot like it is
>now, there will be these parasites making us all look bad. Unfortunate
>but true, and I distinctly remember observing this last time around in
>the late 90s. Once the bubble burst and the economy went into the
>toilet, all these folks went back to whatever it was they were doing
>before jumping on the web developer bandwagon in disguise.
>
>-- Mitch

Wow Mitch, you just described the SEO field to a T.

-=john

-- 
-------------------------------------------------------------
Your web server traffic log file is the most important source of web business information available. Do you know where your logs are right now? Do you know who else has access to your log files? When they were last archived? Where those archives are? --John Andrews Competitive Webmaster and SEO Blogging at http://www.johnon.com



