My team got some trouble tickets from the customer. The team lead assigned a high priority problem to me. I studied the error messages. Then I took a look at the code. I deduced that if all was set up correctly, there was only one way these errors could occur. I sent directions to the customer on how to reconfigure to avoid the error. Then I got tasked with helping out another team.
My recommendations were met with a lot of resistance from the customer. They questioned my logic. And they were not happy with my recommendations. The top manager from the customer organization asked me to investigate further. Then the top manager from my company told me to get busy on this.
Luckily I had finished helping that other team. I decided to not take on any other work while I worked this top priority problem. I looked deeply at the examples from the customer. I traced each SQL statement with the data from the production database. That's when I spotted some bed setup data.
My failure was that I assumed all the setup data was correct. Incorrect assumption. I also did not spend enough time on analysis because I was busy. Error number two. Now armed with the full picture, I can address the customer problem. Although they were unhappy with my first attempt, I am sure they will be relieved when I correct the underlying problems.
OWASP - I have been reading about the OWASP Top 10. Apparently they are a list of common web security breaches. There seems to be a new list each year. Figure I h...