Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously, we must also keep in mind that a vulnerability's mere existence does not necessarily mean it will be exploited, or indicate by whom or to what extent. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.
In this presentation, Jeremiah Grossman will discuss the two prevailing but opposing security religions - Depth Religion and Breadth Religion. Jeremiah will then review the common misconceptions associated with each religion as it pertains to website security.
Login to see the comments