allow an attacker to get a corporate email account with which to conduct a little filet-o-phishing
with no server-side checking, allowing a Hamburglar to order food for free
eventually got through to a security McEngineer who said that they were “too busy” to fix the flaw
Coincidentally, I saw on linkedin last night they were hiring a Security Operations manager. They should get an Appsec person instead to fix those issues.
They had fun writing this article:
Coincidentally, I saw on linkedin last night they were hiring a Security Operations manager. They should get an Appsec person instead to fix those issues.
Professional software engineer here. Security Engineers don’t do that, they write harrowing reports that get ignored by Security Operations Managers.
Executive leadership at its finest.