Learnings from 5 years of tech startup code audits
This guy did 20-30 code security audits for startups, and has some solid learnings.
A few of my favorite takeaways:
- Never deserialize untrusted data.
- Acquisitions complicated security
- There’s still a lot of MD5 in use out there, but it’s mostly false positive
Trending on Indie Hackers
This was my favorite take away and what I think is such an important truth: KEEP IT SIMPLE.
Basically, the startups he audited that are now doing the best had an almost brazenly ‘Keep It Simple’ approach to engineering. I'm not surprised, at all. He also makes a good point about moving to microservices too soon. I think he's right about that too. Thanks for the share.
That great. To hear from you such detail information about their project and mission. Could you do audit of our https://apkreservoir.com/stick-cricket-premier-league-mod-apk/ and give us some good advices. So that we could move forward and make it one of the best business.
Agreed! Everyone loves the idea of micro services but they are not the quick win people think they are. It's often easier to fix a bad monolith than bad microservices.
Interesting lessons, thanks!
Can't say I've ever gone through an acquisition, but his point about security complications is interesting.