http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/ Fri, 09 Apr 2010 12:01:55 -0700 http://wordpress.org/?v=2.9.2 hourly 1 http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/comment-page-1/#comment-248 BlueHat review | Mike Andrews Mon, 20 Oct 2008 04:08:51 +0000 http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/#comment-248 [...] remember all of the answers or points that each of us raised (although I did pull out the "silver bullet and Jack and the Beanstalk" allegory at one point).  I hope there’s some audio somewhere as there was some [...] [...] remember all of the answers or points that each of us raised (although I did pull out the "silver bullet and Jack and the Beanstalk" allegory at one point).  I hope there’s some audio somewhere as there was some [...]

]]> http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/comment-page-1/#comment-196 VA+WAF: that’s hot! | Mike Andrews Fri, 20 Jun 2008 05:57:34 +0000 http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/#comment-196 [...] However, just because it’s not a magic bullet, doesn’t mean that there’s not at least some worth behind the [...] [...] However, just because it’s not a magic bullet, doesn’t mean that there’s not at least some worth behind the [...]

]]> http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/comment-page-1/#comment-9 Crystal ball 2008 | Mike Andrews Wed, 23 Jan 2008 03:45:21 +0000 http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/#comment-9 [...] they can be used in catching certain attacks like SQL injection and XSS in their basic form, and therefore are of some use, but after these attacks are gone what is left are business logic flaws, authorization flaws, and [...] [...] they can be used in catching certain attacks like SQL injection and XSS in their basic form, and therefore are of some use, but after these attacks are gone what is left are business logic flaws, authorization flaws, and [...]

]]> http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/comment-page-1/#comment-2 Wanted: More Penn & Teller’s | Mike Andrews Wed, 16 Jan 2008 07:09:59 +0000 http://www.mikeandrews.com/2008/01/14/silver-bullets-or-magic-beans/#comment-2 [...] So, this is a call out for more Penn and Teller’s of the security world.  Share the knowledge as far and wide as you can.  Let other testers, developers, consultants, clients, management, etc, etc, etc, know about the “tricks” you’ve found, describe how they work, and make the attackers (who no-doubt already have this information, and use their own knowledge networks much like the magic castle/magic circle) work harder - you’ve seen the slight of hand, and it no longer fools you. Over time we’ll expose how the “John the Magnificent”, script-kiddie-esq, tricks work leaving just the “master magicians”.  It’s debatable how much this will help, but I think moving the bar, education and knowledge is one of the remaining silver bullets. [...] [...] So, this is a call out for more Penn and Teller’s of the security world.  Share the knowledge as far and wide as you can.  Let other testers, developers, consultants, clients, management, etc, etc, etc, know about the “tricks” you’ve found, describe how they work, and make the attackers (who no-doubt already have this information, and use their own knowledge networks much like the magic castle/magic circle) work harder – you’ve seen the slight of hand, and it no longer fools you. Over time we’ll expose how the “John the Magnificent”, script-kiddie-esq, tricks work leaving just the “master magicians”.  It’s debatable how much this will help, but I think moving the bar, education and knowledge is one of the remaining silver bullets. [...]

]]>