Proper vulnerability analysis is critical to delivering secure software. It turns out to be equally important if you find yourself in the middle of a major motion picture. Consider the following:

  • If you had only a single vulnerability, wouldn’t you commit pretty much any and all resources you had available toward ensuring that said vulnerability was impossible to exploit? Sauron let his top soldiers, the Nazgul, run all over Middle Earth, getting involved in what amounted to turf battles. A smarter strategy would have been to completely fortify Mount Doom, and THEN start worrying about taking over the rest of Middle Earth. Having a firewall is not sufficient. You need to record and monitor activity both at the perimeter of a network and close to its most valuable assets.
  • If you have an application that hosts data valuable from an attacker’s perspective, you need to ensure that all inputs are validated and appropriately sanitized. The most comprehensive physical security out there can be rendered irrelevant by failing to validate even one input. You need look no further than “Snatch” and its diamond heist as proof of this. Criminals posing as buyers bypass the security because they look like expected input and are never fully screened.
  • Sandboxes, whether virtual servers or VMs for running code, need to be completely isolated from the host operating system. If someone can leave the sandbox and touch the underlying host, the host can be compromised. In “The Matrix”, Neo broke out of the sandbox, rooted the host, and then corrupted the processes running in the sandbox.
  • If you must have a trusted subsystem that is allowed to perform low-level actions against high-value assets in an unauthenticated manner, then you need to make sure that authentication and authorization to that trusted subsystem are extremely strong. An authorized process that shares its authorization token with a malicious process gives the malicious process access to the assets. In “Brazil”, Minister Helpmann shares his password with Sam, who then uses it to access the master systems and “delete” all records of the existence of an individual.
  • When mapping out the security roles in an application, always follow the principle of least privilege. If a user doesn’t need access to an action or asset to perform their authorized duties, they shouldn’t be allowed access. If a system is improperly modeled and a user can reach low-level or administrative functionality, that access can be used to exploit the application. In Star Trek’s “Best of Both Worlds”, Data issued the “Sleep” command to all members of the collective, putting every one of them to sleep. Clearly, this command should only have been made available to a small set of super-users or administrators.
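The last two points, a token that must not be honored in someone else's hands and a privileged command that only administrators may issue, can be shown together. The following is an added example, not code from the original post; the role names, the `sleep` action and the HMAC-bound token format are constructed for illustration.

```python
import hmac
import hashlib
import secrets

# Constructed signing key for this illustration; a real service would load it
# from a secret store rather than generate it at import time.
SIGNING_KEY = secrets.token_bytes(32)

# Least privilege: each role holds exactly the actions its duties require.
# "sleep" (the collective-wide command from the post) is reserved for admins.
ROLE_PERMISSIONS = {
    "drone": {"read_status"},
    "operator": {"read_status", "reassign_task"},
    "admin": {"read_status", "reassign_task", "sleep"},
}


def issue_token(subject: str, role: str) -> str:
    """Mint a token bound to one subject. The MAC covers subject and role,
    so neither can be changed without the check in authorize() failing."""
    payload = f"{subject}:{role}"
    mac = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def authorize(token: str, caller: str, action: str) -> bool:
    """True only if the token is intact, is presented by the subject it was
    issued to, and that subject's role permits the requested action."""
    try:
        subject, role, mac = token.split(":")
    except ValueError:
        return False  # malformed token (subjects with ':' are rejected too)
    expected = hmac.new(SIGNING_KEY, f"{subject}:{role}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False  # tampered or forged token
    if subject != caller:
        return False  # Helpmann's token in Sam's hands: refuse it
    return action in ROLE_PERMISSIONS.get(role, set())


if __name__ == "__main__":
    helpmann = issue_token("helpmann", "admin")
    print(authorize(helpmann, "helpmann", "sleep"))  # admin acting as himself
    print(authorize(helpmann, "sam", "sleep"))       # shared token, wrong holder
    print(authorize(issue_token("data", "operator"), "data", "sleep"))  # not an admin
```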