●Stories
●Firehose
●All
●Popular
●Polls
●Software
●Thought Leadership
Submit
●
Login
●or
●
Sign up
●Topics:
●Devices
●Build
●Entertainment
●Technology
●Open Source
●Science
●YRO
●Follow us:
●RSS
●Facebook
●LinkedIn
●Twitter
●
Youtube
●
Mastodon
●Bluesky
Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!
Forgot your password?
Close
This discussion has been archived.
No new comments can be posted.
Load All Comments
Full
Abbreviated
Hidden
/Sea
Score:
5
4
3
2
1
0
-1
More
Login
Forgot your password?
Close
Close
Log In/Create an Account
●
All
●
Insightful
●
Informative
●
Interesting
●
Funny
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
byhcs_$reboot ( 1536101 ) writes:
That's not the same web devs making those same mistakes. Developers with some experience do not write code that fails against easy sql-injection. But companies prefer to hire younger inexperienced devs for the reasons that have been discussed here on /. many times.
bygweihir ( 88907 ) writes:
Does not match my experience. Some (few, say 10%) of these people do indeed acquire insight and experience with more time in the field, but most do not seem to. They make the same basic mistakes and have the same defective and incomplete understanding of how thing work, 5 years in, 10 years in and then they move to another field because they have become unemployable in their "specialty".
byraymorris ( 2726007 ) writes:
My experience is the same, most (but not all) experienced people are people who have been doing the same stupid shit for a long time. Some people put in the effort to learn something new and improve every week. Most people don't.
For those who DO try to constantly learn and improve, the security community has made a mistake in how we try to help them. The OWASP top 10 list was mentioned. I'm a member of OWASP. The list, which we promote, is a basically list of how bad guys can exploit vulnerabilities.
byLesFerg ( 452838 ) writes:
I must have been exceptionally lucky to work for an employer who also understood the importance of having a solid team of testers working closely with the developers.
For a start we had to make sure that nothing a user could type into a text entry could break the web page or the database, either on the way in or when coming back out to be displayed, be it the most basic issues like apostrophes in user names or HTML tags and such.
Then the testers had to learn all sorts of clever tricks to get around our best efforts to stop them breaking our code. This included SQL injection and other web-page breaking techniques.
If a company has mission-critical systems being developed and deployed via HTML, then they need to take responsibility for testing and penetration-testing the solutions, not just smacking out the fastest cheapest solution.
If you get the chance to work alongside good testers, make them your friends and make sure you challenge each other, taking into consideration both the crazy things your regular users can do and the malicious things others may attempt.
Parent
twitter
facebook
There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.
Slashdot
●
●
Submit Story
It is much harder to find a job than to keep one.
●FAQ
●Story Archive
●Hall of Fame
●Advertising
●Terms
●Privacy Statement
●About
●Feedback
●Mobile View
●Blog
Do Not Sell or Share My Personal Information
Copyright © 2026 Slashdot Media. All Rights Reserved.
×
Close
Working...
Working...