Monday, 9 February 2009

Random Thought

The more I live, the more I see that this world is meant to be hell for some and heaven for others.
As evident and tangible as any philosophical thought, yet hidden from many...

Monday, 2 February 2009

Vuln research? Programmers? Freelancers?

It has caught my eye over these years that every single day I check sites like SecurityFocus or PacketStorm, every single vulnerability ends up being some SQL injection gibberish in some unknown CMS or some dumb forum.

I'll just go straight to the point, because I really like to be straightforward.

The questions are:

A) Are we lacking serious security researchers?

B) Has the world gone so stupid that we have people inventing terms like Web 2.0, looking for SQL injection vulnerabilities and then claiming to be big?

C) Are there so many stupid web programmers?

I believe the right answer is a mixture of B and C.

Some time ago I was working as a freelancer. My work consisted of modifying a couple of web apps made by some guys in some part of the globe.
I made my way through horrendous programming manners: 50 lines of elseif just to get the correct location to redirect to. Design patterns were too much to ask; there was no trace of a standard pattern such as MVC, and clearly no OOP either, beyond a PDO database object. When you see code like this:

function test ($a=1) {
    if ($a) {
        return TRUE;
    } else {
        return FALSE;
    }
}

You start to get seriously worried.
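The bug behind those SecurityFocus and PacketStorm advisories, next to the fix that the PDO object already sitting in such a codebase makes almost free. This is an added example, not code from the original post or from any of the applications mentioned; it assumes PHP 7 or later with the pdo_sqlite extension and uses an in-memory SQLite database seeded with constructed sample rows.

```php
<?php
// Added example, not from the original post. Assumes PHP >= 7 with the
// pdo_sqlite extension. The database and its rows are constructed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 0), ('bob', 0), ('root', 1)");

// The pattern from the advisories: user input concatenated straight into the
// query text, so a single quote in the input ends the literal and the rest
// of the input is executed as SQL.
function findUserVulnerable(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The fix with the same PDO object: a prepared statement with a bound
// parameter. The input is sent as data and can never change the query shape.
function findUserSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed attacker input, the textbook tautology payload.
$payload = "' OR '1'='1";

printf("vulnerable: %d rows\n", count(findUserVulnerable($db, $payload)));
printf("safe:       %d rows\n", count(findUserSafe($db, $payload)));
```

Run it with the `php` command-line binary. With that payload the concatenated query becomes `SELECT id, name FROM users WHERE name = '' OR '1'='1'` and returns every user, the admin included, while the prepared statement looks for a user literally named `' OR '1'='1` and returns nothing. The whole fix is one `prepare` and one `execute`, which is exactly why seeing this class of bug reported every day says more about the programmers than about the researchers.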

It's a real shame that web developers these days are mostly inexperienced beings with little, poor or no background knowledge such as C or even shell scripting.

Their way of fixing problems is to *patch* all the way through, doing whatever it takes. It doesn't matter how nasty the patch is; they don't mind if you or I have to code over it later.

These careless people exist thanks to the following characters:

A) Customers that think that serious web development is a matter of point and click.
B) People with Microsoft's Nike philosophy, "Just do it", with "no matter what" added to it.
C) People who still code for PHP4.
D) People who have little or no vision at all about the future of their application.
E) People who play to be experts when all they have is a bunch of fancy words.

Now, if you're even thinking that I should be grateful to these people because they give me work, think twice. I've left freelancing on application modification, and I've left my job thanks to people like the ones mentioned in points A, B, D and E (mediocre), to get another one in which I'm able to work happily (which I already have).

So, if you happen to be in any of the previously mentioned situations and feel frustrated at doing the same stupid stuff over and over again, just leave everything behind and start a new path.