OK, I’ll discuss it like a Muppet!

The day had started quite well; I had managed to get a few little jobs out of the way in the morning. The day was looking to be quite productive at this rate, then the dreaded email arrived from security. As I haven’t posted much of late, I’d best explain one of the problems that has come to light. This relates to one of the applications we have in house. It’s fronted using a web server that allows the users to query a database – a fairly common setup really. Now, as part of the due diligence process, our European colleagues had examined the security of the applications, and this particular application was found somewhat lacking in this respect. In fact, on a scale of 1 to 10 for security, it would have scored about -2, maybe even less if one wanted to be pedantic about it.

In due course an instruction was issued. This instruction was quite straightforward and not difficult to interpret: “Make the application secure and prevent unauthorised use”. The application was looked at and several problems became apparent. Without a major change to the application and the addition of another table in the database, it would be impossible to secure at the application level. This, of course, is the point where you discover that the IT person who wrote the code had not put a single comment in it and that the whole thing is undocumented. It’s also when you discover that the application is defined as business critical. The final and most embarrassing thing that you discover is that the people in the security team can’t read their own native language.

The email that arrived today at lunch time made the last statement superfluous; this was just so obvious when you got to the bit about examining the previous day’s logs and identifying unauthorised use of the system. In my response, I did draw a parallel with horses and the stable door – however, during an ensuing discussion with a friend, they pointed out that I too had missed the point. What they said was that the proper example was using a CCTV camera to see which horse had run away. With hindsight I had to agree. Still, the light sabres are drawn and the air is filled with a humming sound. I await the response of the security person – ready to parry the blow!