As mentioned in the title, I am involved in a significant project that is weeks away from its public launch. We discovered that the main login page had a vulnerability to SQL injection. When I brought this to my boss’s attention, it was dismissed as ‘non-essential,’ as they believed such attacks only target large companies. I was then reassigned to backend development, away from this critical issue. I warned that a single command could jeopardize the entire project but was met with disbelief (despite my background as a pentester). Consequently, I demonstrated my point by dropping the database from the login page directly, although I did make a backup first. To my surprise, rather than being reprimanded, I received a sincere apology and was urgently tasked with addressing the security vulnerabilities. This experience reinforced the idea that advocating for what’s right can yield positive outcomes for everyone involved.
Wow, that’s quite the experience, Owen! Do you think your action was the best way to highlight the vulnerability, or were there alternative approaches? Also, once you fixed those security gaps, did your team’s perspective on cybersecurity change? I’m really curious about how such situations shape team dynamics!