achim at owasp.org
Sat May 28 20:25:44 UTC 2016
On 27.05.2016 09:00, The Black Labrador wrote:
> Agreed on the 2nd point, but on the 1st one, if your hosting environment is compromised then the attacker would change both the checksum and the URL that the code comes from, no?
What is difference for the 3rd party source vs. your own source if your host is compromised?
Nothing, game over (as Jim said).
I'd say this is not a valid scenario here.
More information about the OWASP-Leaders