Top-level
Alexander The 1st

@wtrmt @hisham_hm @sinvega @sn0n @fraggle "Your Unit Tests work, right? Great, watch me toss this into your posting input on a browser loaded to your website: "';SELECT *;" That shouldn't break when I hit post, but here's the error, because *somewhere* in your Unit Tests' contract validated code, you're not sanitizing an input."

1 comment
Alexander The 1st

@wtrmt @hisham_hm @sinvega @sn0n @fraggle (I'm not that aggressive about it; I just write up a bug report with the resulting console log information, or the API response code, or in worst cases, the stack trace, for them to use to fix it. And I do keep those tests safe enough to avoid taking down the environment, since as a QA Tester, it's my job to prove the core of what can be done, not the scale.

But while that's an obvious example of a situation like that, there are many more.)
