re: How to learn web application security VIEW POST


Thank you so much for clarifying what I believe to be a huge misconception or belief among developers. I've audited countless applications with simple XSS vulnerabilities that are left not out of ignorance but simply due to belief that it's the security auditor and penetration tester's "job" to fix these mistakes. Security is the responsibility of ALL parties. From the Security Team, to the Full stack of development and all those involved in the SDLC, it's a group effort to maintain and protect.

code of conduct - report abuse