N7x to appsec · English · 1 year ago
XML Security in Java (semgrep.dev)
5 comments · 6 up / 0 down
himazawa · 2 points · edited · 1 year ago
Most of the vulnerabilities in SAML derive from the fact that XML is always a nightmare to parse… I wonder why people keep using it.
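To make the "nightmare to parse" point concrete, here is an added example (mine, not from the semgrep article or from any commenter in this thread). It feeds a constructed, SAML-shaped assertion carrying an external entity (XXE) to two JAXP `DocumentBuilder`s: one with the JDK's default settings, which resolves the entity and drops the contents of a local file into the `NameID`, and one hardened to refuse any DOCTYPE, which rejects the document outright. The class name `XxeDemo`, the temp file standing in for an IdP secret, and the secret's contents are all my own placeholders.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class XxeDemo {

    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample (not a real IdP response): a SAML-shaped assertion whose
    // NameID is an external entity pointing at a local file of the attacker's choosing.
    static String samlWithXxe(Path secret) {
        return "<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE Assertion [<!ENTITY xxe SYSTEM \"" + secret.toUri() + "\">]>\n"
             + "<Assertion xmlns=\"" + SAML_NS + "\">\n"
             + "  <Subject><NameID>&xxe;</NameID></Subject>\n"
             + "</Assertion>";
    }

    // Stock JAXP factory: DTDs are allowed and external entities are resolved,
    // so the parser happily reads whatever file the entity names.
    static DocumentBuilder defaultBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        return f.newDocumentBuilder();
    }

    // Hardened factory: refuse DOCTYPE entirely (kills XXE, external DTD fetches and
    // entity-expansion bombs in one go), and belt-and-braces disable the rest.
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // Parse the assertion and return the text of the first NameID element.
    static String nameId(DocumentBuilder b, String xml) throws Exception {
        Document d = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagNameNS(SAML_NS, "NameID").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder for a file the service provider never meant to expose.
        Path secret = Files.createTempFile("idp-secret", ".txt");
        Files.writeString(secret, "super-secret-signing-key");
        String xml = samlWithXxe(secret);

        // Default parser: NameID now contains the file contents.
        System.out.println("default parser NameID = " + nameId(defaultBuilder(), xml));

        // Hardened parser: the DOCTYPE alone is enough to get the document rejected.
        try {
            nameId(hardenedBuilder(), xml);
            System.out.println("hardened parser: unexpectedly accepted the DOCTYPE");
        } catch (SAXParseException e) {
            System.out.println("hardened parser rejected the document: " + e.getMessage());
        }
        Files.delete(secret);
    }
}
```

The feature URIs are the Xerces ones the JDK's built-in parser understands; a third-party JAXP implementation on the classpath may not accept all of them, in which case `setFeature` throws `ParserConfigurationException` and the factory should be treated as unusable rather than silently downgraded. Note that this only addresses the parsing half of SAML's problems; signature wrapping and comment-injection issues live above the parser and need separate checks.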
N7x (OP) · 2 points · 1 year ago
Historical decisions seem to be the most common reasons
himazawa · 1 point · 1 year ago
Yes, but usually "historical decisions" is an acronym for "we are not able to manage that because we designed our systems in the worst possible way"
Zeno_of_Citium · 2 points · 1 year ago
… and those decisions are sometimes rooted in "we don't have the people and/or money to spend on a new development in this module." And everyone else is stuck either accepting that or spending the resources to ameliorate the situation. :/
Definitely