N7x to appsec · English · 2 years ago
XML Security in Java (semgrep.dev)
5 comments
himazawa · 2 years ago: Most of the vulnerabilities in SAML are derived from the fact that XML is always a nightmare to parse… I wonder why people keep using it.
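The parser hardening that comment points at, as an added example that is not from this thread or from the linked semgrep.dev article: a Java DocumentBuilderFactory configured so that DOCTYPE declarations, external entities, external DTD/schema access and XInclude are all refused before any entity is resolved, exercised on a constructed SAML-shaped assertion and on a constructed input carrying a DOCTYPE. The class and method names are assumptions; the feature URIs and XMLConstants attributes are the standard JAXP/Xerces ones.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

// Assumed class name for this example.
public class HardenedXmlParser {

    /** Builds a DocumentBuilderFactory with DTDs, external entities and XInclude disabled. */
    public static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Rejecting the DOCTYPE declaration outright removes entity expansion as a class.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for parsers that do not honour the feature above.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        // Block file and network access during DTD and schema resolution (JAXP 1.5+).
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        // SAML is namespace-heavy; keep namespace processing on so element matching is exact.
        dbf.setNamespaceAware(true);
        return dbf;
    }

    /** Parses untrusted XML with the hardened factory; a DOCTYPE makes this throw SAXException. */
    public static Document parse(String xml) throws Exception {
        DocumentBuilder db = hardenedFactory().newDocumentBuilder();
        return db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed, minimal SAML-shaped assertion used only as sample input.
        String benign = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">"
                + "<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>"
                + "</saml:Assertion>";
        Document doc = parse(benign);
        System.out.println("Parsed root element: " + doc.getDocumentElement().getTagName());

        // Constructed input that carries a DOCTYPE; the hardened factory rejects it
        // at the declaration, so no entity is ever defined or resolved.
        String withDoctype = "<!DOCTYPE x><x>hello</x>";
        try {
            parse(withDoctype);
            System.out.println("Unexpected: DOCTYPE input was accepted");
        } catch (SAXException e) {
            System.out.println("Rejected DOCTYPE input: " + e.getMessage());
        }
    }
}
```

The disallow-doctype-decl feature is the one that matters; the remaining features and attributes exist so that a parser implementation which ignores it still cannot fetch external DTDs, schemas or entities. If a deployment genuinely needs DTDs, drop only that first feature and keep everything else.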
N7x (OP) · 2 years ago: Historical decisions seem to be the most common reasons.
himazawa · 2 years ago: Yes, but usually “historical decisions” is an acronym for “we are not able to manage that because we designed our systems in the worst possible way”.
Zeno_of_Citium · 2 years ago: … and those decisions are sometimes rooted in “we don’t have the people and/or money to spend on a new development in this module.” And everyone else is stuck either accepting that or spending the resources to ameliorate the situation. :/
Definitely