Security | Oct 28, 2021

Halloween Edition: Stories from the Trenches

It’s Halloween season and things can get a bit spooky in the DevOps World

There are all kinds of creepy and scary stories out there that are guaranteed to give you goosebumps. 

So, in the spirit of Halloween, we’re sharing some of our favorite “Stories from the Trenches.” From a developer’s worst nightmare to hackers from hell to tools of terror, here are three spooky Halloween-themed “Stories from the Trenches” shared by some of our team members at Accurics. 

Happy Halloween!

Bad Muscle Memory 

Story By: Willie Sana, Staff Software Engineer 

“Back when I first started working on Unix (Solaris) at a large software security company, I had been working on a small project for about a week. Git wasn’t really a thing back then, and Perforce’s support on Unix worked but was buggy–so several days before code commits were common. Long story short, I would manually clean up my test directories with “rm-rf /test”, but on a Friday night my pinky somehow ended up pressing enter after “/” instead of waiting for “/test”, and you know what happened next…”

The Nightmare

Story By: Pankaj Rai, Software Engineer  
“I started my career with a company having 4 employees. We all were working on the printing softwares (Convert big files and folders into raster format for printing) for the big companies. The customer had an issue that these softwares are not working properly with the latest HP plotters (It prints the images in different shapes and sizes). It was a big issue and many experienced people were not able to solve it. 

My boss assigned this issue to me and told me that I will give you one month and you have to solve it. The big challenge was I had no plotter/simulator where I could see the issue.  For three weeks,  I was debugging the code, reading the books, searching on the web but I had no clue what the problem could be but I understood the code completely. Suddenly everyone started questioning “where are we on this issue ?”. They had exhibitions next month and this issue was a blocker for them.  

My boss discussed it with me and asked the same question. I said that I wanted to test some samples. He told me that we do not have Simulator/Printer. We can ask the customer and see if he can provide some test results. Customer also did not have the same Simulator/Printer but he found one vendor that had a simulator for the same.” 

Nightmare on DevOps Street 

Story By: Cesar Rodriguez, Director of Engineering 

“A few years ago I was working on implementing a DAST (Dynamic Application Security Testing) program for a financial organization. We spent a few weeks setting up the tooling, which was a bit complicated in that environment, but got everything to work and started looking for volunteers to test that everything was working as expected. A brave development manager, who was very confident of the code base he was responsible for, agreed to be the 1st guinea pig for the process. This was a big and complex application. Naively, we left the DAST scan running overnight with no supervision. In the morning, the dev manager walks over furious. He need to do a demo that morning, and unfortunately his application had a stored cross site scripting vulnerability and his database filled with random payloads.”

How Accurics Can Help You 

At Accurics, we envision a world where organizations can innovate risk free in the cloud. Our mission is to enable organizations to accelerate innovation by aligning development, operational, and security teams behind scrutiny and resiliency goals. The world’s leading organizations partner with Accurics to improve security outcomes by enabling security teams to recognize the highest-risk findings and effectively communicate with development and operational teams. By addressing risks at the source, you achieve security from code to cloud. Learn more about Accurics by checking out our blog

Event Recap: Key Takeaways from Accurics 2021 Code to Cloud Security Summit

Kubernetes Security Enhanced with NSA and CISA Guidance

Kubernetes security: Preventing secrets exfiltration (CVE-2021-25742)

We use cookies to ensure you get the best experience on our website. By continuing to browse this site, you acknowledge the use of cookies.