My old development team is hurting for resources. I got assigned to give them a hand. There were some production problems they could not replicate. They searched the source code, but could not come up with any definitive answers.
I spent the morning scanning the source code as well. However, I have access to the production database. This allowed me to ensure the applications were behaving correctly. The other developers on the team did not have production access.
Now I can understand you don't want everybody looking at production data. But if you want your developers to be able to solve problems fast, give them read-only access to production data. It can be the difference between solving a problem in a few hours versus floundering around for a few weeks or a few months.