QAInsight.net, QABlog.com, QABlog.net
Brent Strange's thoughts on Software Quality Assurance and technology

 
Tuesday, February 07, 2006

Defect of the day

The URL to the defect below was emailed to me earlier today. Yes, this is an actual live site. Where do I start?

Can you say "hack me"? This is a security issue (Severity 1). You can't let this stuff bubble up to the user! With the information provided, it wouldn't be too hard to figure out the whole schema and start doing some evil things.

How could they have prevented this? This kind of issue could have been caught with security standards, unit tests, and good ol' functional testing.
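To make the "don't let it bubble up to the user" point concrete, here is an added example (mine, not code from the site in the defect or from this blog): a hypothetical order-lookup handler, written against an in-memory SQLite database, whose query has a typo in a column name. The "leaky" version returns the raw database error to the user, which is exactly the kind of page that hands an attacker table and column names; the "safe" version logs the detail server-side and returns only a generic message plus an opaque reference id. The `leaks_schema` helper is the sort of assertion a unit or functional test would run against every error response. All names, the query and the sample row are constructed for the illustration.

```python
import logging
import sqlite3
import uuid

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("orders")

# Constructed sample schema and row; nothing here comes from the site in the post.
SCHEMA = "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)"

GOOD_QUERY = "SELECT id, customer, total FROM orders WHERE id = ?"
# Hypothetical defect: a typo ("customr") makes the database raise an
# error whose text names the missing column.
BROKEN_QUERY = "SELECT id, customr, total FROM orders WHERE id = ?"


def make_db():
    """Build the in-memory database used by the examples and the tests."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.execute("INSERT INTO orders VALUES (1, 'alice', 19.99)")
    conn.commit()
    return conn


def lookup_order_leaky(conn, order_id, query=BROKEN_QUERY):
    """'Before': the raw database error text goes straight into the response."""
    try:
        row = conn.execute(query, (order_id,)).fetchone()
        return 200, str(row)
    except sqlite3.Error as exc:
        # This is the defect: column/table names and engine details reach the user.
        return 500, f"Database error: {exc}"


def lookup_order_safe(conn, order_id, query=BROKEN_QUERY):
    """'After': full detail is logged server-side; the user gets a generic
    message and an opaque reference id they can quote to support."""
    try:
        row = conn.execute(query, (order_id,)).fetchone()
        return 200, str(row)
    except sqlite3.Error as exc:
        ref = uuid.uuid4().hex[:8]
        log.error("ref=%s order_id=%r db error: %s", ref, order_id, exc)
        return 500, f"Sorry, something went wrong. Reference: {ref}"


# Words that should never appear in a user-facing response body. The list is
# illustrative; a real test suite would extend it with the application's own
# table and column names and the error-message vocabulary of its database.
SCHEMA_WORDS = ("orders", "customr", "customer", "column", "table",
                "syntax", "sqlite", "traceback")


def leaks_schema(body):
    """Test helper: True if a response body exposes schema or engine details."""
    low = body.lower()
    return any(word in low for word in SCHEMA_WORDS)


if __name__ == "__main__":
    conn = make_db()
    for name, handler in (("leaky", lookup_order_leaky), ("safe", lookup_order_safe)):
        code, body = handler(conn, 1)
        print(f"{name}: HTTP {code} -> {body!r}  leaks_schema={leaks_schema(body)}")
```

Run it and the leaky handler prints the SQLite "no such column" message verbatim, while the safe handler prints only the generic text and a reference id; the same `leaks_schema` check, applied to every non-200 response in a functional test run, is the cheap guard the post is asking for.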

 
   
   
   
Tuesday, February 07, 2006 11:21:23 PM (US Mountain Standard Time, UTC-07:00)
GAH!! Threat model, threat model, threat model!!!

Wednesday, February 08, 2006 12:38:10 AM (US Mountain Standard Time, UTC-07:00)
Defect of the day. For gosh sakes Brent, I haven't seen this level of mess for a couple of years now!
Mark