[Dailydave] The Correct Amount

dave aitel dave at immunityinc.com
Tue Aug 2 10:40:25 EDT 2016


Last week I did the technical review of one of our deliverables. Super
secure website, run by smart people. They'd limited their exposure to
one PHP file. But a good security services company provides strategic
advice, along with individual tactical recommendations. In this case,
the consultant found two critical vulnerabilities in just that one
lonely PHP file. Our strategic recommendation is always this: Use as
much PHP on your website as cigarettes you would allow a pregnant woman
to smoke per day.

Everyone knows they should stop smoking. But sometimes it takes a doctor
to pull up the X-Ray of your lungs and look at them sadly for a brief
second for you to invest in that first pack of nicotine gum. I'm not
saying PHP is cancer, I'm just saying that when I see Uber write up a
long post <https://hackerone.com/uber> about how they're trying to use
Bug Bounties to help them secure their WordPress plugins it makes me
think maybe they should go to the doctor instead.

-dave
