"I've tested 135 ransomware websites, and I only found vulnerabilities in three of them," Stykas told us in an interview preceding his Black Hat talk. That amounts to less than 3 percent of ransomware groups having vulnerable web applications, which are typically used by threat actors to dump stolen data and publish ransom notes. 
"That's not typical of businesses, where I usually find vulnerabilities in 40 to 50 percent of web apps," Stykas added.
as an engineer, i can tell you that apps ship out half ass because the unrealistic expectations and time pressure put on the devs by non-devs. if you do what you love, you'll never have to work a day in your life? lol
Nice piece.
reply
Most business websites are dev under pressure and hurry, and the innocent customers/users are at the receiving end of whatever hack that may descend on such websites.
reply