Scratching the Surface of Security
Security of digital systems is an almost infinitely deep topic, consisting of a multitude of intertwined fields. It is this multi-disciplinary nature that, in my opinion, makes security so hard to comprehend in its fullness.
Here is why I believe this: once I had understood the implementation overview of TLS, I started feeling the urge to dig deeper into some of the steps involved to make it more difficult to penetrate. When I had almost grasped a few of them, I realised I did not know much about symmetric ciphers, so it might be fun to explore that area. By then, I had left the waters of IT and dived deep into some (literally) cryptic corners of mathematics, and as I puzzled over the Feistel cipher and Turing knows what else, social engineering started looming large and suddenly crept up on me, seemingly out of nowhere. And that's just the pinnacle of the iceberg, as then, even if I got all this completely right (which is, let's be honest, extremely unlikely), what about vulnerabilities like XSS, HPP, CSRF and a host of others, caused by utterly different factors?
I am no expert and never intend to be one. This is just my attempt to understand some basics of security by scratching its surface. It is as incomplete as anything can be. It is up to the reader to dive deeper. I guarantee that there are plenty of deepers to go :)