Bite Vulnerabilities Before They Bite You
April 1, 2007 —
(Page 1 of 2)
Firewalls are great if you’re worried about barbarians attacking your front gate. Intrusion detection systems are fine, if your goal is to see if unauthorized traffic is on your LAN; intrusion prevention systems work in conjunction with your firewall to block that unauthorized traffic.
Firewalls, IDS and IPS systems, as well as anti-virus solutions, spam filters, worm detectors—they’re all worthless, absolutely worthless, when it comes to attacking the real causes of software security failures. So, too, are checks against buffer overflows, cross-site scripting and SQL injection. While those vulnerabilities can trip up an unwary programmer, they’re easy to catch. Just about any static or dynamic code analyzer can find those problems. The real challenge is how to handle the most significant software security challenge of our time.
Puppies.
Yes, my fellow software architects, developers and test/QA professionals, the biggest threat to our software infrastructure, and the integrity of our data, is puppies. They look so cute, don’t they, with their lolling pink tongues, soft waggly ears and short little legs. They roll and play and want to be cuddled. But don’t be fooled. Puppies, those innocent little puppies, are placing your enterprise software in deadly peril…and your CEO, if the puppies start messing with your Sarbanes-Oxley systems. He’ll be going down the river…and you’ll be down there with him, if you don’t take action now.
Where did this insidious threat come from? It’s hard to know. Perhaps the first puppies merely wanted some fun; they wanted to show off in front of their litter mates. Nobody picks on the runt, you see, if he can erase breeding records with the click of a mouse. But then things got worse. Government agencies and their espionage programs. The military. Commercial interests. Terrorists and rogue states. They learned how to use puppies to bypass virtual private networks, routers, firewalls. How in the face of a determined puppy, even 256-bit AES encryption is about as effective as an old, battered squeaky toy. Buffer overflow exploits? Ha. Puppies sneer at your pathetic algorithms; you might as well not bother.
Share this link: http://sdt.bz/30349
Most Read Latest News Blog Resources
Zeichick’s Take: Radio moves from analog waveforms to digital packets
Streaming radio highlights the need for streaming applications to be designed to take up as little bandwidth as possible
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|