Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
I work at a mid-sized company that solely depends on income generated by the website(s) it owns. I will add that it does well and wasn't ever really affected by the market fallout.

The company is frugal when it comes to hiring well paid programmers and admins and therefore suffers by not being on the bleeding-edge when it comes to security. I cannot condone these actions but I can certainly understand them. Computers are such commodities these days, that the overall view taken is; we have many replicated backup units that when one gets hacked/rootkitted/fails we pick up one of these units and cart it to the server location.

Very little time is spent hardening the infrastructure, mainly because it was originally built so haphazardly that it would be quite a large undertaking to make it all as secure as possible.

My main focus at this point is creating a large intranet--based webapp, and it is full of security vulnerabilities, I think this is due partly to my own apathy and the pressure to complete the tasks assigned, though rarely I do have extra time by the deadlines and do some security testing. I can certainly understand why an external param run through an eval is a very dangerous prospect. But my apathy stems from the perspective that all systems exist because my company would rather shell out a few extra grand is setting up replicated slaves rather than spending the tens of thousands of dollars (even hundreds) to harden the complete system.

These days all serious companies are trying to make a good go of it and cutting costs as much as possible. In my case this is how the security issue has been dealt with.

On the other hand, when working on my own projects, I make sure they are secure as possible. I don't think there's anything wrong with this approach when your superiors explicitly frown on time spent on security checks/fixes.

I can only sympathize with everyone who sees this as a problem plaguing many companies. It can only get better. When you're a lone ranger, its hard to take on all the bad guys yourself.


In reply to Re: (blackjudas) Web Security by blackjudas
in thread Web Security by merlyn

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the questions are moot...

    How do I use this? | Other CB clients
    Other Users?
    Others cooling their heels in the Monastery: (7)
    As of 2018-05-24 14:21 GMT
    Find Nodes?
      Voting Booth?