Reply to post: Re: Java f'in script !

Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage

Anonymous Coward

Re: Java f'in script !

"Have you ever heard the saying that security should be built in from the start? Where was that in your list of requirements?"

Client side scripting is not insecure, or else the vast majority of sites written in the last 5 years would be insecure. You can create insecurity in your site, but that is not because it uses client side scripting. It is just as, if not more, likely to happen from a back end dev who used concatenated SQL statements for user input rather than stored procedures.

If you were in a role where you commission projects then you would realise that security is part of a risk analysis through the whole lifecycle of the project. You don't say "No HTML5, No Javascript, No SQL, No Form Fields" just because there is a possible security risk. A person who is good at the role will understand and analyse the risk and produce a specification which mitigates those risks to an acceptable level while still meeting the needs of the project and the organisation.

Biting the hand that feeds IT © 1998–2019