undefined | Better HN

0 pointsExistenceblinks3y ago0 comments

Yep, most of those items baked into framework already, plus practices we've heard about in the list, but not need to know the name "owasp".

0 comments

pc863y ago

This probably gets at the heart of why people [misguidedly] ask about OWASP or anything other specific thing. They want to know if the candidates knows the principles, which they should, whether they're baked into all the modern frameworks or not. This might be an unpopular opinion, but I don't care how "good" your code is, or how quickly you write it, or how nice of a person you are, if you have no idea what SQL injection is or how to prevent it. Yes, day to day you might be using an ORM. But at some point you may be asked to do something with strings being passed around as SQL commands and I don't want a bomb to go off because you only know JS because that's what React is written in, you only know SQL via your ORM of choice, etc.

ExistenceblinksOP3y ago

This is why people are complaining about whiteboard interview, it's the same thing. Even if I have computer engineering background, I'm not going to remember my Campus Network Design class, because in daily basis, we don't have to remember that, but we know the knowledge exists, we just loop it up when needed.

j / k navigate · click thread line to collapse

0 comments

pc863y ago

ExistenceblinksOP3y ago

j / k navigate · click thread line to collapse