As mentioned in the title, I am involved in a significant project that is weeks away from its public launch. We discovered that the main login page had a vulnerability to SQL injection. When I brought this to my boss’s attention, it was dismissed as ‘not urgent,’ as they believed such attacks only target large enterprises. I was then shifted back to backend development, away from addressing this critical flaw. I warned that a single command could jeopardize the entire project, but my concerns were laughed off, despite my background as a pentester. Consequently, I exploited the vulnerability by deleting the database through the login field while my boss was present, though I had created a backup first. Surprisingly, I wasn’t fired—instead, I received a sincere apology and was promptly assigned to rectify these security issues. This experience taught me that advocating for the right thing can yield positive outcomes.
Kudos to you for taking a stand! Mind-blowing how often security gets overlooked until it’s a crisis facepalm. Also, shows the power of backups - good move there. I hope your case makes others in your company take notice before they get caught asleep at the wheel again.
That’s an interesting approach you took! Do you think demonstration of such flaws, like you did, is sometimes more effective than just talking about it? Also, how did your colleagues react? I wonder if this shifted the company’s perspective on other security areas as well.
Your experience highlights the importance of advocating for security, even when the risks may seem hypothetical or unlikely to management. Many times, businesses wait until it’s too late before addressing vulnerabilities, not realizing the critical implications until they’re confronted firsthand. The proactive move to create a backup before taking action was wise, as it provided a safety net to recover the project. It’s a reminder that while technical skills are vital in such situations, negotiation and demonstrating potential consequences can also be instrumental in policy changes.