iLoveOncall 5 days ago

Pretty poor analogies here.

> The output of a blue team is only as strong as its weakest link: a security system that consists of a strong component and a weak component (e.g., a house with a securely locked door, but an open window) will be insecure

Hum, no? With an open window you can go through the whole house. With an XSS vulnerability you cannot do the same amount of damage as with a SQL injection. This is why security issues have levels of severity.

carstimon 5 days ago

You've made the choice of (Locked Door, Open Window) ~ (Good SQL usage, XSS Vulnerability) which seems to be an incorrect rebuttal. Your example doesn't contradict "only as strong as its weakest link", here the weakest link is the XSS Vuln.

The "house analogy" can also support cases where the potential damage is not the same, e.g. if the open window has bars a robber might grab some stuff within reach but not be able to enter.

cowpig 5 days ago

Does this detail detract from the core idea?

Ensorceled 5 days ago

You can always find problems with analogies; analogies are intentionally simplified to allow readers to better understand difficult or nuanced ideas.

In this case you are criticizing an analogy meant to convey understanding of "weakest link" for not also imparting an understanding of "levels of severity".

pkoiralap 5 days ago

Not true: if XSS is used to compromise an admin user, the damage can be far more than what a seemingly harmless SQL injection that just reads extra columns from a table does.

This particular comment feels more like an over-concentration on trivialities rather than refutation or critique of opinion.