Reply to post: Re: 402 customers?

UK 'meltdown' bank TSB's owner: Our IT migration was a 'success'

Phil Endecott Silver badge

Re: 402 customers?

> Should have been picked up at UAT and probably pentest.

To me it sounds more like it’s time to sack the entire team and throw away all the code they wrote.

If you’re even anywhere close to one user accessing a different user’s bank account, it means several layers of security are borked or maybe just not there.

Almost OK for some stupid PHP webshite, but absolutely not for a f***ing bank.


Biting the hand that feeds IT © 1998–2019