What Do Whales Have To Do With Application Security?

I was fortunate enough to have the opportunity to go to SeaWorld last Friday and play around with some of the beluga whales.  In a lame effort to justify this boondoggle as a “work related” activity, I decided I had to at least put together a blog post relating my SeaWorld experience to application security.  So here goes…

Before they let us swim with the whales we watched a short video where they explained some background about the animals and how they were trained.  An interesting fact that came out of this was that beluga whales’ blowholes are closed by default and they only open when the whale surfaces to breathe. A system that defaults to denying access – what a great idea!  That kind of reminded me of a post from Ivan Ristic about the normal default-allow model that makes web application security so difficult.

I don’t know if this is the type of cross-disciplinary insight the Medici Effect book talked about, but at least I feel a little less like a slacker after taking a day off work to go to SeaWorld.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.