appsec

331 readers

4 users here now

A community for all things related to application security.

founded 1 year ago

MODERATORS

submitted 1 year ago by [email protected] to c/[email protected]

6 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (4 children)

Most of the vulnerabilities in SAML are derived by the fact that XML it’s always a nightmare to parse… I wonder why people keep using it.

[–] [email protected] 2 points 1 year ago (3 children)

Historical decisions seem to be the most common reasons

[–] [email protected] 1 points 1 year ago (2 children)

Yes, but usually “historical decisions” is an acronym for “we are not able to manage that because we designed our systems in the worst possible way”

[–] [email protected] 2 points 1 year ago

… and those decisions are sometimes rooted in "we don't have the people and/or money to spend on a new development in this module."

And everyone else is stuck either accepting that or spending the resources to ameliorate the situation. :/

load more comments (1 replies)