How publicly released exploits helped WorkSimple

[Photo by Honza Soukup]

A couple years back when I released WorkSimple, my PHP knowledge was very limited. I went through a couple versions of WorkSimple adding features and such but without thinking of security. Then, about a year and a half ago, I came upon a zero-day exploit site [1][2] site. On the site, it chronicled the current exploits in WorkSimple. Now, of course I acted quickly and fixed the problems. At first, I was offended by this. Then, I realized the helping hand it had lent me. Not only did these sites show how one could use the exploit, but also how to fix it. The user login system used MD5 hashed passowords in a specified [plain text] file in a specified place. After, the hashes were salted and in a .php file as not to display the contents. 


It definitely made me think more about security; not that I did not before just more comprehensively. To this day, I'm surprised that people use WorkSimple. Besides the terrible coding of it, the design is attrocious (which will be updated in 2.0 of WS). So, these zero-day exploits helped me be a better coder. It's difficult to design a perfect application without having something breaking. Apart from the aforementioned notes, I would think that it even created a little bit more publicity for WorkSimple :)