
Dumb Security Questionnaires (2018) - mooreds
https://latacora.micro.blog/its-weird-to/
======
linsomniac
Having recently gone through an external security assessment, this article is
really on target. Especially worth reading are the "top 4" threats at the
bottom of the article, which I'll extract out here:

    
    
      - A developer is going to leave an AWS credential somewhere an attacker can find it.
      - An employee password is going to get credential-stuffed into an admin interface.
      - A developer is going to forget how to parameterize an ORDER BY clause and introduce an SQLI vulnerability.
      - A developer is going to set up a wiki or a Jenkins server on an EC2 instance with a routable IP and an open security group.

