Reducing Security

Jeremiah Grossman and I were chatting (yes, we talk quite often) at BlackHat about how it seems like no matter what we do in the security space it is reducible to being insecure/vulnerable in some way or another. So Jeremiah suggested that I should make a funny graphic depicting how that’s true.

Well, that turned out to be easier said than done. As I got further and further into it, I found that it wasn’t really that funny. In fact, it became less funny and more of a bummer the more I got into it. I know this isn’t perfect or complete, but it gives you an idea of the amazing amount of things you’ve got to get right before you can be sure your site is safe.


Hopefully after you look at it you’ll see what I mean. What was once a pretty funny idea turned into a bit of a nightmare. Still, I suppose there is a bit of gory humor buried deep within it all. Okay, I’m going to go away and grow carrots now.

  • Steve Pinkham

    Lest you think we’re too special, consider the class of other things that aren’t risk free: They include growing carrots & any other human enterprise.

  • Interesting

    Nice picture.

    It would be even better if, for each “No”, the “–>” was pointing to some “How-to” or to an explanation.