Thank you so much for clarifying what I believe to be a huge misconception or belief among developers. I've audited countless applications with simple XSS vulnerabilities that are left not out of ignorance but simply due to belief that it's the security auditor and penetration tester's "job" to fix these mistakes. Security is the responsibility of ALL parties. From the Security Team, to the Full stack of development and all those involved in the SDLC, it's a group effort to maintain and protect.
Front end developer specialising in JavaScript and React. Experienced in all aspects of modern front end development. Passionate about making accessible, secure and performant software.
Thank you so much for clarifying what I believe to be a huge misconception or belief among developers. I've audited countless applications with simple XSS vulnerabilities that are left not out of ignorance but simply due to belief that it's the security auditor and penetration tester's "job" to fix these mistakes. Security is the responsibility of ALL parties. From the Security Team, to the Full stack of development and all those involved in the SDLC, it's a group effort to maintain and protect.
Completely agree :)