I’ve tested all major features and everything works as expected, but security scanners keep reporting issues. I’m trying to understand why these problems don’t show up during normal testing and what I might be missing.
Decode Trail Latest Questions
The scanner reports several vulnerabilities, but when I review them manually, I can’t see a realistic way to exploit them. In many cases, access controls or validation layers appear to block the attack entirely. I’m unsure whether these findings represent ...
The scan reports issues in libraries that aren’t referenced in our code. These appear to be transitive dependencies pulled in automatically. I’m unsure whether these should still be treated as real risks.
Zero trust controls are in place, yet security incidents still occur. This feels contradictory to what zero trust promises. I’m trying to understand what zero trust protects against and what it doesn’t.
Rate limiting is enabled and appears to work, yet abusive traffic still gets through. Attackers don’t seem to be hitting the configured limits directly. I’m wondering whether this is a configuration issue or a limitation of rate limiting itself.
I was told that zero trust removes the need for traditional network security. However, I still see recommendations for segmentation and firewall rules. I’m trying to understand why network controls are still needed in a zero-trust setup.
We apply fixes quickly to address reported issues. Shortly after, new vulnerabilities appear elsewhere. I’m concerned that remediation is causing more harm than good.
Logs show access from IPs we don’t recognize. There’s no obvious service outage, but the activity looks suspicious. I’m trying to determine whether this is expected behavior or a security incident.
Users can log in without issues, and authentication appears solid. Despite that, some users can access data they clearly shouldn’t. I’m trying to figure out where authorization is breaking down and how to fix it properly.
The same role works fine for one service but fails for another. There are no obvious policy errors, yet access behaves unpredictably. I’m confused about why IAM doesn’t seem consistent across services.