6 comments

[ 3.3 ms ] story [ 22.3 ms ] thread
Great info, I'm especially stoked Django was used for the examples.
Since this uses Django for examples and mentions Bandit as an automated option for finding vulnerabilities, are there any others that people would recommend?
I always thought a lot of the biggest hacks were done by insiders, or with insider information. I know there's a lot you can hunt for out there. But being part of the team that built something of interest, knowing what is exploitable, could be a big temptation.
Depends on what you mean by "biggest", but in my experience the most common cause is lax security practices, mainly not performing security updates quickly enough. A business doesn't want to spend extra on website maintenance, so sites get neglected, sometimes for years.