Licence CPOL
First Posted 20 Sep 2009

How security is very much like MMA

By | 20 Sep 2009 | Technical Blog

It occurred to me after following the most recent UFC MMA (via the web blogs rather than PPV as I’m still too cheap!) that security and MMA have a lot in common. More precisely, the fighters in a stable are very similar to security algorithms or processes.

Once a fighter's weakness has been exposed, there is really nothing you can do to hide that weakness again. You could have the best fighter in the world one day, then the weakness is exposed… You are in trouble!

Security is very much the same. You can perform all the scans, probes, fuzzes and code reviews and feel confident (well, as confident as anyone does in the security world!) that you are pretty well covered. One revelation a day later can completely invalidate your expectations, and you have to start over completely. Sometimes it is a slow build-up; other times it is the equivalent of a bomb.

Bottom line is, once a weakness has been exposed you need to:

  • See if it can be simply covered
    • Fighter can learn to defend takedowns (or not get hit in the head :-) )
    • Algorithm can be enhanced to extend its life (DES → 3DES)
  • Relegate
    • Fighter acts as the ‘gatekeeper’ to the higher competition levels
    • Algorithm's security clearance has been lowered; it can't be used in the more secure areas. Examples of this are theoretical discoveries that are likely to result in an actual weakness some time later.
  • Retire
    • Fighter retires, becomes a commentator
    • Algorithm is deprecated as it is shown to be fundamentally insecure, and is now studied in university to show the weakness that designers need to be aware of. Think WEP!

If the weakness is known, it is natural that the opponent will attempt to gain a competitive advantage from it. The longer the weakness is known, the more adept the opposition will be at exploiting it. This is true for both MMA and security!

Companies running an SDL are the equivalent of the fighter's stable. It is their job to recognize the weaknesses and manage the processes and algorithms so that any weaknesses are covered or retired before they become a major problem.

Gareth

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

GarethI



United States

I'm Gareth and am a guy who loves software! My day job is working for a retail company, and I am involved in a large-scale C# project that processes large amounts of data into upstream data repositories.
 
My work rule of thumb is that everyone spends much more time working than not, so you better enjoy what you do!
 
Needless to say - I'm having a blast.
 
Have fun,
 
Gareth

Last Updated 20 Sep 2009
Article Copyright 2009 by GarethI