Recently a question came up about the benefits of TeamMentor: specifically, what is the typical scenario in which people use TeamMentor?

The idea is that people might know about security controls but not how to implement them, so they go to TM to find out how to implement those controls. For example, a company finds out it has a bunch of SQLi and XSS in its web sites, but doesn’t know which controls actually prevent those vulns. So they do what happens very often: they add some specific filters or something similar to that specific vulnerable piece of code and don’t change the architecture at all. Overall, their security posture doesn’t really improve and the developers don’t learn from their mistakes. The same types of vulnerabilities continue to haunt them. Enter TM.

Someone finds out they have XSS. They go to TM and quickly find XSS in the…

About Dinis Cruz

Dinis Cruz is the main developer of the OWASP O2 Platform and TeamMentor.
