2 comments
18.Use of Hard-coded Credentials
I mean, really! At least it's down from last year.
I’ve known dev teams who don’t really know how to get their application to read from a configuration file (or similar). They would know how to do it in a “Hello, world!” type tutorial. But they didn’t have the skills to do it otherwise - let alone in the codebases they were maintaining. They just kept their apps chugging along on some super outdated .Net and they knew the database’s schema. That’s about it.
They were getting paid more and have more job security than me so I commend them.