ASW Episode 171
Horror Stories
It’s almost Halloween, so why not celebrate with an appsec adaptation of the opening of Edgar Allan Poe’s The Raven.
Once upon a midnight dreary, while I pondered, weak and weary,
Over many a quaint and curious volume of forgotten lore—
Which I coded, error trapping, suddenly there came a tapping,
As of testing gently flapping, flapping I could not ignore—
“’Tis some insecure,” I muttered, “tapping at my logic for—
Buffer size and nothing more.”
It took me a while to settle on phrasing I liked. The following version was a close runner-up. It hinted at SQL injection instead of memory safety, but it didn’t feel like it captured an injection flaw just right.
Once upon a midnight dreary, while I pondered, weak and weary,
Over many a quaint and curious volume of forgotten lore—
Which I coded, error trapping, suddenly there came a tapping,
As of input gently snapping, snapping at my datastore—
“’Tis some insecure,” I muttered, “tapping at my datastore—
Using AND instead of OR.”