I flagged a SQL injection risk on our login page. My warnings were dismissed, so I used the input field to drop the database (after backup), prompting action.
Considering the circumstances, your actions demonstrate a commitment to highlighting critical security issues, though the method remains highly unorthodox. Based on my personal experiences, it is often more effective to follow a legally sanctioned vulnerability disclosure process rather than resorting to disruptive measures. Engaging decision makers through comprehensive reports and risk assessments frequently garners better cooperation while mitigating potential liabilities and operational risks. Balancing urgency with procedural correctness is essential in achieving lasting and constructive improvements in security practices.
lol, i see your point but that move was super reckless. i get the frustration, but maybe talk to the boss first next time? it’s a wake-up call, but you’re also risking a ton of probs.