Halloween Edition: Stories from the Trenches
It’s Halloween season and things can get a bit spooky in the DevOps World.
There are all kinds of creepy and scary stories out there that are guaranteed to give you goosebumps.
So, in the spirit of Halloween, we’re sharing some of our favorite “Stories from the Trenches.” From a developer’s worst nightmare to hackers from hell to tools of terror, here are three spooky Halloween-themed “Stories from the Trenches” shared by some of our team members at Accurics.
Bad Muscle Memory
Story By: Willie Sana, Staff Software Engineer
“Back when I first started working on Unix (Solaris) at a large software security company, I had been working on a small project for about a week. Git wasn’t really a thing back then, and Perforce’s support on Unix worked but was buggy–so several days before code commits were common. Long story short, I would manually clean up my test directories with “rm -rf /test”, but on a Friday night my pinky somehow ended up pressing enter after “/” instead of waiting for “/test”, and you know what happened next…”
My boss assigned this issue to me and told me that I will give you one month and you have to solve it. The big challenge was I had no plotter/simulator where I could see the issue. For three weeks, I was debugging the code, reading the books, searching on the web but I had no clue what the problem could be but I understood the code completely. Suddenly everyone started questioning “where are we on this issue?”. They had exhibitions next month and this issue was a blocker for them.
My boss discussed it with me and asked the same question. I said that I wanted to test some samples. He told me that we do not have Simulator/Printer. We can ask the customer and see if he can provide some test results. The customer also did not have the same Simulator/Printer but he found one vendor that had a simulator for the same.”
Nightmare on DevOps Street
“A few years ago I was working on implementing a DAST (Dynamic Application Security Testing) program for a financial organization. We spent a few weeks setting up the tooling, which was a bit complicated in that environment, but got everything to work and started looking for volunteers to test that everything was working as expected. A brave development manager, who was very confident of the code base he was responsible for, agreed to be the 1st guinea pig for the process. This was a big and complex application. Naively, we left the DAST scan running overnight with no supervision. In the morning, the dev manager walks over furious. He needed to do a demo that morning, and unfortunately his application had a stored cross-site scripting vulnerability and his database filled with random payloads.”
How Accurics Can Help You
At Accurics, we envision a world where organizations can innovate risk-free in the cloud. Our mission is to enable organizations to accelerate innovation by aligning development, operational, and security teams behind scrutiny and resiliency goals. The world’s leading organizations partner with Accurics to improve security outcomes by enabling security teams to recognize the highest-risk findings and effectively communicate with development and operational teams. By addressing risks at the source, you achieve security from code to cloud. Learn more about Accurics by checking out our blog.