What The Hell? Web Security Is(n’t) About The Web…Not!

Posted on Thursday October 29 2009 by ljh

Copyright © 2009 What The Hell? Security

It’s easy to jump to conclusions.  I illustrated this to my youngest, who are twins, when they were five.

[Sidebar:  I wanted to do this when they were four.  But that being the year they learned that racehorses used to end their careers in glue bottles, I figured it was in everybody's best interest to hold off a year.]

    Me (high energy): Hey kids – what’s corn oil made of?
    Them (suddenly interested): Corn!
    Me: Good!  And what’s peanut oil made of?
    Them: Peanuts!
    Me: Right!  And what’s baby oil made of?
    Them: Babies…hey Mom, Dad is teasing us again!

But they got the point.  Knowing that good dadhood equals good managerhood, I figured I’d try my luck at work the next day.

    Me (high energy): Hey staff – what’s operating system security made of?
    Them (suddenly interested): Operating systems!
    Me: Good!  And what’s network security made of?
    Them: Networks!
    Me: Right!  And what’s Web security made of?
    Them: Web…hey CEO, Boss is teasing us again!

Silly me.  I mean, we all know that Web security is made up of SQL injections and cross-site scripting and hostile javascript and stuff like that.  Not of Web.  Right?  Right?

Not so fast.  OWASP rightly calls out those problems as Web Application Security issues.  Not Web Platform Security issues.  Web Platform Security issues, if we admitted they existed, would pertain to…well…the Web platform.  The cornerstone of which is hypertext.  The security of which is non-existent.

Hypertext Sand

See where I’m going with this?   Here:  Hypertext Sand cannot support the weight of Trillion-Pound Savings & Mall.

Which leaves us with three options:

  1. Shore up the sand, or
  2. Try a different building, or
  3. Abandon the marketplace altogether

Number three is a dumb idea of course; that would be throwing the shoping cart out with the bankwater.  Number two is nearly as dumb; non-Internet consumer services like AOL and MSN had to jump on the Internet bandwagon in the mid 90’s just to survive, and those that didn’t will be unearthed in sixty million years as fossil fuel.

That leaves number one: shoring up the sand.   Security-enhanced hypertext: the wave of the Web future.

Filed under: Uncategorized | Tagged: , ,

« »

Leave a Reply