Quote:
Originally Posted by k0nr4d
I will not argue that there are ALOT of incompetant psuedo-developers, the salaries of which have been driven up like crazy by outsourcing companies to the point where someone with zero experience, zero knowledge of programming labels themselves a "programmer" and gets hired by them.
I will however point out that those that worked only in frameworks in my experience didn't even understand the basic fundamentals of web development. They didn't understand how to prevent against SQL injection, XSS, etc. They had at most a vague understanding that these things exist but not how to exploit them or prevent them. They are lacking a lot of knowledge that they should have but don't.
|
I don't see this as a problem and rather the intention of frameworks. From a project management POV I do not want every developer to know about these topics in great detail. The security aspect of an application is within the scope of a dedicated security engineer, if you do not have one (which many projects/business do not have) that is the very point of using a framework which will safeguard against the biggest issues WITHOUT your developers having to understand and mitigate those risks themselves.