Network Security Is So Nineties!

Another year in which the network is still the security paradigm. How is that possible after all the media attention and various blogs that talk about web application security, its gaping holes, millions of unsecured databases and the tremendous financial losses? Isn't it clear that the network is mere infrastructure, just like the railroads? Naturally, you'll need good tracks that are maintained regularly to ensure a safe passage. But what happens on the train stays on the train and travels across the tracks into different stations. This seems a good analogy for computer security, because you can compare the train tracks with the network infrastructure, and the train with the application that runs on it into our computer and is executed in our browser.

Looking back, I can draw only one conclusion: everyone underestimated, and still underestimates, the power of JavaScript. Obviously, the message isn't clear to all parties. We have two camps that don't understand each other, let alone the third camp: the marketeers who want to shelve a piece of insecure software yesterday.

How can we bridge these huge gaps? I have a couple of ideas. One of them is to keep on blogging, hitting their systems, hacking their websites, launching PoCs and getting media attention by provoking large corporations like Google and Microsoft. Finding holes in their systems only works in the right way. It ensures attention, media coverage and security. Long live full disclosure! People normally oblivious to security suddenly realize they might have holes themselves and go on exploring this fascinating field of web application security. The Chinese have a saying: when the right man uses the wrong means, the wrong means work in the right way. And this is exactly what we do, and what our intentions are.

The reason that I take security seriously is due to other people who came before me. I learned it from them; they are my tutors and I was their apprentice, even though they didn't know I was.
I read all the advisories and all the e-books, saw all the videos and read all the blogs that covered web application security. For me, blogging about these issues is like passing the torch others gave me, in order to keep it alive, keep secure and teach others as others taught me. I had a few results: Firefox and Internet Explorer are a lot safer, I helped tons of website owners to secure their websites and applications, and booked some other results by just writing about it. My reward is simply writing about it and learning more each day, investigating new horizons and new approaches.

I think what we do is important. Each day someone comes onto the Internet clueless about all the things we know. It is so important that this knowledge survives, not only for ourselves but also for the future. Because if something is certain, it is that the Internet will evolve; it already has, from network-based applications to virtual appliances and applications that run in

