undefined | Better HN

0 pointsitake3y ago0 comments

Yeah… so this example is saying “you need to redesign your infrastructure before you can merge this change in.”

If sftp is a requirement, it should have been captured earlier in the process and not after the integration code was written.

0 comments

gmontard3y ago

In an ideal world security tools like this one should be useless… but unfortunately we don’t all live in this world where security requirements are all captured, understood and implemented correctly.

This is what just an exemple, think about application level encryption, leakage in logger messages etc.

j / k navigate · click thread line to collapse

0 pointsitake3y ago0 comments

Yeah… so this example is saying “you need to redesign your infrastructure before you can merge this change in.”

If sftp is a requirement, it should have been captured earlier in the process and not after the integration code was written.

0 comments

gmontard3y ago

This is what just an exemple, think about application level encryption, leakage in logger messages etc.

j / k navigate · click thread line to collapse