Reading Jeremiah Grossman’s recent post on what’s happening and what’s to come reminds me of what network security used to be like: attacks on the infrastructure caused plenty of damage, and so the effort focused on defending against them. This has led to the current (relatively more mature) state of the network and host security domain.

It’s hard for people to care about anticipated dangers until they come true on a large scale or happen to them. Sad but true.

Nonetheless, it’s high time industries, companies and individuals started to look seriously into attacks at the web application level, because that level has been the path of least resistance for attackers for a long time already.

And it is time for the whitehats to really prepare the answers the masses will need in time to come.


