At a previous job, I had to do a penetration test on a platform, and I had the same thing. Any SQL errors would just crash the back end entirely and I'd have to wait for them to bring it back up manually, which could take a long time since I was on the US West Coast and they were based in the UK.
Among all the other security issues they had (easily gained a root shell via template injection, multiple XSS issues, CSRF, basically everything in the OWASP Top 10), to call their security posture Swiss cheese would be an understatement.
A couple months after my test, the entire project was scrapped.