Pupil mental health monitor promises app rewrite after hardcoded login creds discovered

macjules Silver badge

Sloppy coding and deployments are run-of-the-mill now, despite there being an abundance of security checklists for such common requirements as how to 'harden' response headers for Varnish or Cloudflare caching or how to set up SSL certificates. Lots of companies (TCS, Accenture to name just two) often fail dismally at checking to see if a deployment from Test/UAT to production has removed development credentials etc.

This is usually coupled with a reluctance to pay the extortionate fees required for full penetration testing.
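The promotion check the comment above says companies skip, written out as an added example (not part of macjules's post or of any real vendor's pipeline): a pre-production gate that fails the deploy when the config still carries development/UAT credentials or hardcoded secret literals. The dotenv format, the known dev values and the sample production config are all constructed here for illustration.

```python
"""Pre-production gate: refuse a deployment whose config still carries
development/test credentials. Added example, not from the original post."""
import re
import sys

# Constructed sample: credential values the dev/UAT environments are known to use.
# In practice this set is derived from the dev environment's own config (assumption).
KNOWN_DEV_VALUES = {"devpass123", "uat-admin", "changeme"}

# Keys whose values must never be literals in production config.
SENSITIVE_KEY = re.compile(r"(pass(word)?|secret|token|api[_-]?key)", re.I)
# Values resolved at runtime (e.g. ${VAR} or a vault reference) are acceptable.
PLACEHOLDER = re.compile(r"^\$\{[A-Z0-9_]+\}$|^vault:", re.I)


def parse_env(text):
    """Parse KEY=VALUE lines (dotenv style); comments and blanks are ignored."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        pairs[key.strip()] = value.strip().strip('"\'')
    return pairs


def find_dev_credentials(config_text, known_dev_values=KNOWN_DEV_VALUES):
    """Return (key, reason) findings that should block promotion to production."""
    findings = []
    for key, value in parse_env(config_text).items():
        if value in known_dev_values:
            findings.append((key, "value matches a known dev/UAT credential"))
        elif SENSITIVE_KEY.search(key) and value and not PLACEHOLDER.match(value):
            findings.append((key, "hardcoded literal; expected runtime placeholder"))
    return findings


# Constructed production config as it might arrive from a careless UAT promotion.
SAMPLE_PROD_ENV = """
# production settings
DB_HOST=db.prod.internal
DB_USER=app
DB_PASSWORD=devpass123
API_TOKEN=${API_TOKEN}
SMTP_SECRET=s3cr3t-literal
ADMIN_USER=uat-admin
"""

if __name__ == "__main__":
    problems = find_dev_credentials(SAMPLE_PROD_ENV)
    for key, reason in problems:
        print(f"BLOCK: {key}: {reason}")
    sys.exit(1 if problems else 0)  # non-zero exit stops the pipeline
```

Run against the constructed config it blocks on DB_PASSWORD, SMTP_SECRET and ADMIN_USER while letting the placeholder-backed API_TOKEN through.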

Biting the hand that feeds IT © 1998–2019