mumphster | 4 years ago

COBOL (on mainframes, no clue if this applies elsewhere) is more than just a language, it's a whole stack and set of tools for writing terminal UI programs, basically, that take inputs and do a lot of processing based on said inputs. You can easily run into COBOL code that assumes (rightfully so in most cases) that people will be nice and not do bad inputs or try to do the equivalent of SQLi. The attitude around safe and secure code just wasn't there when a lot of the COBOL codebases I've run into were initially written.

tuatoru|4 years ago

That doesn't match my experience.

Over half of the code I worked with was input validation (format validity, value plausibility, authorisations).

Most of the rest was post-facto batch checks for the same sorts of things, except more.

Any CRUD code base that has been in use for a while is mostly this kind of thing.

pelasaco|4 years ago

Exactly, at least until the 2000s there was no secure copy, but anonymous FTP or reading a password from plain text. Processed data was being pushed to some public areas from where another job would read it... A nightmare... but it worked.