I think we sometimes tend to overuse the blame-game on "Babu" culture. You've got to deliver working code tonight, and you end up putting performance and security issues with a bunch of "//TODO:"s and "//FIXME:"s. This is the story almost everywhere. It's got little relation with the prior mentioned culture. Security holes primarily owe to the team culture, cumulative expertise, and (dare I say) the tech-lead's ACTUAL technical expertise instead of just years of experience on the resume.

Just my 2 cents (which I concede, isn't really adding much value from a technology perspective).

--Bipin Upadhyay

On 1/22/2010 5:19 PM, [email protected] wrote:
> Well web developers can't solve phishing problem but they can prevent XSS
> and other attacks like session hijacking. More IT focus n hiring
> professional services *may* help them.
>
> The problem is the "Babu" culture; even if they hired prof services I fear
> lack of responsibility will make anything slip with em! I guess this is the
> only way they will learn... Through their mistakes!
>
> -Arjun
> ------Original Message------
> From: Bipin Upadhyay
> Sender: [email protected]
> To: [email protected]
> Subject: Re: [Owasp-delhi] Pakistani Lottery Scam. Data Theft from Airtel???
> Sent: Jan 22, 2010 5:03 PM
>
> On 1/22/2010 1:53 PM, atul jha wrote:
>
>> Hi all,
>> In my opinion until and unless the web development work will not be
>> taken care by these government bank inhouse this problem will keep
>> occurring.
>> I hope they realize it sooner.
>>
> ..and how exactly do you expect web developers to solve phishing problem?
>
> --Bipin Upadhyay.
>
> [SNIPPED]
> _______________________________________________
> Owasp-delhi mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
> Sent from BlackBerry® on Airtel
