Web App Security: How to Explain It to Your Boss

A few ideas for decoding web application security jargon

If your CEO demands a 30-second elevator-ride explanation of application security, these (almost) jargon-free analogies might come in handy.

Buffer overflow

Imagine a hospital waiting room that gets so overcrowded that the extra people spill into the next room, which is foolishly unlocked, and which happens to be the patient records room. Hackers make this happen intentionally (by cramming too much information into a website's input field) in order to reach areas they shouldn't.

SQL injection

SQL injections are like technical Jedi mind tricks. Your Web application asks for an input such as a password, but instead the hacker types in a command (written in the SQL language, hence the name). If your application has a weak mind, it can't tell that the input isn't a valid password, and it does whatever the command specifies.
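The "weak mind" and the "strong mind" side by side, as an added example that is not part of the original article: the same login check written by pasting the input into the query text, and again with a parameterized query. The in-memory SQLite table and the user record are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample user store standing in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_weak_mind(conn, name, password):
    # Vulnerable: the input is spliced into the SQL text, so anything typed
    # into the password box that looks like SQL becomes part of the command.
    query = (f"SELECT COUNT(*) FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_strong_mind(conn, name, password):
    # Hardened: the driver keeps data and command apart, so the input is only
    # ever compared as a literal password value and never interpreted as SQL.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


def demo():
    conn = make_db()
    # The textbook "mind trick": not a password but a clause that is always true.
    trick = "' OR '1'='1"
    return {
        "weak_real": login_weak_mind(conn, "alice", "correct horse"),
        "weak_wrong": login_weak_mind(conn, "alice", "guess"),
        "weak_trick": login_weak_mind(conn, "alice", trick),
        "strong_real": login_strong_mind(conn, "alice", "correct horse"),
        "strong_trick": login_strong_mind(conn, "alice", trick),
    }


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case:12s} -> {'access granted' if granted else 'denied'}")
```

Only the weak-minded check lets the trick through; the parameterized version treats it as just another wrong password.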

Stateful inspection

Network firewalls normally act like mailroom clerks who just look at the addresses on the outside of each envelope. Stateful inspection means opening the envelope (and making sure there's no mysterious white powder) before passing it along to the addressee.

Copyright © 2004 IDG Communications, Inc.