I was fortunate enough to have the opportunity to go to SeaWorld last Friday and play around with some of the beluga whales. In a lame effort to justify this boondoggle as a “work related” activity, I decided I had to at least put together a blog post relating my SeaWorld experience to application security. So here goes…
Before they let us swim with the whales we watched a short video where they explained some background about the animals and how they were trained. An interesting fact that came out of this was that beluga whales’ blow holes are closed by default and they only open when the whale surfaces to breathe. A system that defaults to denying access – what a great idea! That kind of reminded me of a post from Ivan Ristic about the normal default allow model that makes web application security so difficult.
dan _at_ denimgroup.com