Musings Through the Lens...

The Joys of Waiting for Tools

Ah, the joys of waiting for tools to do their job. Set the scan up, either of the source code of an application or a dynamic scan of a website, click go and wait and wait and wait and...

If you're lucky, the progress indicator s l o w l y creeps along. And you wait and wait and wait and...

Of course, you can go off and do other stuff while the computer chugs, like attend a North Alabama ISSA lunchtime meeting or write a blog post, but you still end up coming back, looking at the progress, hoping it has moved since the last time you looked, and you wait and wait and wait and...

As tedious as that is, it's far better than the alternative. It is far more tedious to look at code line by line by line for thousands or hundreds of thousands of lines of code. Far more tedious to try to hand-jam parameter manipulation and send it all to a website over and over again. It's far less tedious to periodically check that progress bar, fingers crossed, to see if it has advanced. As much as you might be eager to get to triaging the results, letting the tool compile those results for you to look at is far less tedious than doing it all yourself. The computer doesn't get tired or bored, doesn't need coffee, and it's pretty good at grinding its way through finding things that would take us weeks or months to do. It doesn't care that the work day is over and can happily chug along overnight. (If you're lucky and it doesn't hang!) It can tirelessly keep track of a data flow from source to sink across call after call after call across complicated call stacks. Try doing that manually for each and every input and not grow old while doing it!

And when the tool is done, you get to spend your time looking at interesting things and diving deep on something rather than spending your time and your customer's money on tediously finding everything the hard way. We get to have fun, the computer gets to do the drudge work.

As fun as waiting can be, it beats the alternative.

Sigh, still scanning but at least the bar is moving. Back to waiting and waiting and...