NaibofTabr

If nothing else, the list of customers who were interested enough to spend money on such a product might be valuable to them.

ever since libraries have been a thing, the majority of developers have just used the libraries without really understanding what goes on inside them. And that’s not necessarily a bad thing — the entire point of abstraction is so that developers can focus on the stuff they need to get done while ignoring the already solved problems.

Nobody but nobody has time to know what’s in every library they might need to use. Who among us truly understands their network stack, all 8 layers?

senior devs have to spend all their time doing code reviews and editing and refactoring codebases that nobody else understands.

That’s OK we will just train AI to review and refactor for us! I’m sure everything will be fine.

Vulnerable code will be with us forever. The system will always be Swiss cheese. If you think you understand common mistakes, enough that you can review other peoples’ code for them, there’s work for you in infosec for sure.

I think you accidentally a word.

The public use case.

Dependent on federal money.

Yeah, pay somebody else to be responsible for the server uptime and the bandwidth. Somebody who specializes in providing that.

I think the answer depends a lot on the use case of each business’s website and what the business owner/employees expect from it.

Is the website a storefront? You’ll be spending a lot of time maintaining integration with payment networks and ensuring that the transaction process is secure and can’t be exploited to create fake invoices or spammed with fake orders. Also probably maintaining a database of customer orders with names, emails, physical addresses, credit card info, and payment and order fulfillment records… so now you have to worry about handling and storing PII, maybe PCI DSS compliance, and you’ll end up performing some accounting tasks as well due to controlling the payment processing. HIPAA compliance too if it’s something medical like a small doctor’s office, therapist, dialysis clinic, outpatient care - basically anything that might be billable to health insurance.

Does the business have a private email server? You’ll be spending a lot of time maintaining spam filters and block lists and ensuring that their email server has a good reputation with the major email service providers.

Do the employees need user logins so that they can add or edit content on the website or perform other business tasks? Now you’re not just a web host, you’re also a sysadmin for a small enterprise which means you’ll be handling common end-user support tasks like password resets. Have fun with that.

Do they regularly upload new content? (e.g. product photos and descriptions, customer testimonies, demo videos) Now you’re a database admin too.

Does the website allow the business’s customers to upload information? (comments/reviews/pictures/etc, e.g. is it Web 2.0 in some way) god help you.

You’re going to expose this to the public internet. It will be crawled, and its content scraped by various bots. At some point, someone will try to install a cryptominer on it. Someone will try to use it as a C2 server. Someone will notice that you’re running multiple sites/services from one infrastructure stack and attempt to punch their way out of the webhost VM and into the main server just to poke around and see what else you’ve got there. Someone will install mirai and try to make it part of a DDOS service provider’s network.