Hacker News new | past | comments | ask | show | jobs | submit login

I have a problem with the constant "blaming the tools" in this article. Blindly relying on the framework is one of the major causes of security issues. Exploits will always be one step ahead of the frameworks, blaming the tools breeds the wrong king of mindset when it comes to security.



fully agree. A lot of microsoft fanboyism. The sql injection seemed serious.


Actually, I think it's very clear there were just a lot of bad dev practices happening across the different technologies. Classic ASP on Impact Data, PHP on the main Billabong site and current day .NET on the store. Clearly bad things were done on all.

However, some of those basic injection flaws in classic ASP would not have been possible on a more modern technology stack be that from Microsoft or other. A 5 year old version of PHP also isn't going to do you any favours. Newer frameworks are simply better at saving you from yourself - but that doesn't excuse the sloppy practices.


The guy's a Microsoft MVP. It was more a Microsoft oriented article in my opinion.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: