Paid Advertising
web application security lab

And Beyond…

Here we are, my friends. The 1000th post. Whew! It’s quite a load off to have finally made it. Hopefully this doesn’t come as a surprise to anyone since I’ve been announcing it for months, and if you have questions, hopefully the FAQ can answer them. I wrote and re-wrote this post several times. There’s so much to say. How can you sum up 5 years of a blog in one post? I have so much to say, but I’m not going to write a book about why I’m shutting the blog down, I’ll just focus on the major issue at hand - happiness. Isn’t that what life’s really all about?

It wasn’t that long ago that I unfortunately lost my love affair with security. Even a few years ago my wife would find me up way too late at night writing some little proof of concept code, excited to post about it the next day. A lot has changed. Some of it is external forces, and some of it is that I realized that I’ve done what I came here to do. When I ask audiences at conferences how many people have heard of XSS or CSRF or command injection or SQL injection, nearly everyone raises their hand. I can rest easy now in that the ultimate mission of the blog has been a success - people have been educated, partly through me, and partly because the industry at large has stepped up to the plate and done an amazing job of absorbing the problems.

I started as a place for me to experiment on my own, and share ideas with a few like-minded folks. I never intended it to be a big site, but scope creep from the original mission changed all that. I realized I could educate a lot more people than the 20 or so readers I had started out with. 20,000 readers, countless press articles and 5 years later, and I’ve been run through the meat grinder. My love for security was unfortunately replaced by a sense of servitude.

With any kind of work you get a sense of anxiety. But the biggest problem is that security stopped making me happy. I got into security because I enjoyed the intellectual puzzle. The industry around me has certainly changed several times since I got started but more importantly I too changed. My wife told me not too long ago that I wasn’t a hacker anymore, I was a politician, looking to see how I rated in the polls. I really didn’t like what I had become - that’s not me at all. I normally hate the press, and I’ve never enjoyed public speaking. It was always a necessary evil. An evil that I embraced far too much, if you ask me.

They say that if you look at the graph of happiness in your life you can tell what sort of life you led. For instance, if your life starts positive, then goes down, and then ends positive it’s a comedy. If it starts low, goes up and then ends badly, well, then you lead a tragic life. I’ve never claimed to be a futurist, and in fact, I’ve found the question, “What do you think we’ll see in the future” to be a terrifying question - what if I’m completely wrong?

I’m not an oracle and I really don’t like giving people incorrect information. But if I were to look at the graph of my life honestly, it wasn’t trending well over the last few years, looking more like downward trending saw blade of perpetual highs and lows. Although there have been a lot of individual highlights and amazing things that have happened, I’ve noticed and other friends, family, and peers have noticed that I’ve gotten less and less happy as a whole. As much as my trustworthy friends tried to convince me that the negative sentiment was meaningless, it was having a profound effect on my desire to continue. The saw blade was trending downward. I’m not blameless for how I got here - no one is perfect, least of all me.

Although I’m a fun loving person in many ways I also tend to be a pessimist and I do take things too seriously sometimes - definitely to a fault. I saw my happiness declining and the light at the end of that tunnel was getting further and smaller as I went on. It became harder to shrug things off, and I started worrying about even the simplest of things. So instead of being a victim of my own circumstance I made a decision to make my own destiny and start enjoying life again.

So this is it - I’m taking my happiness back and I’ll be taking on new and exciting challenges without the drama of intense public scrutiny. It’s time to make the graph of my life into a comedy - filled with excitement and wonder in the unknown. I’ll always have a soft spot for security; I’ll keep up on it, and I’ll continue to research and run my company, among a lot of other things, insofar as it doesn’t impinge on my happiness. Not hedonism, my friends, happiness. Now is the time to seize the day and start having fun again. Life’s too short.

I could also spend pages iterating all the people who’ve helped me think through the countless issues we’ve talked about, sent in ideas and generally made this website and WebAppSec in general a success. Rather than risk excluding anyone all I can say is that I truly, deeply respect all of you for your skills and appreciate what you’ve done for me and the industry as a whole. Perhaps no one but me will truly appreciate everything you’ve done, but trust me, you’re the real gods of WebAppSec. I wish you the best. So I leave it to you all - this industry along with all the good and bad, in very capable hands. Trust me, there are plenty of amazing people out there. Now it’s time for them to take their rightful place.

So… where can this mythical happiness monster be found, you may be asking? For me the journey to find happiness starts with a cold beer - so that’s where I’m headed. On behalf of id and myself, adios, my friends! Thank you for reading.

135 Responses to “And Beyond…”

  1. Ben Says:

    Been a long time reader, never a commenter. I will miss checking your blog for updates but wish you the best of luck on your journey.

  2. Spyware Says:

    Thanks for all the fish and have fun being happy!

  3. stucky Says:

    Good luck. Being somewhat intelligible about software security certainly warps your perception of the world in some funny ways.

    And thanks for keeping sla.ckers up for the foreseeable future. Much appreciated by us all I’m sure.

  4. cde Says:

    Been a long time reader, but not a commenter, i will miss your blog posts :(

    Have fun rsnake, enjoy your life!

  5. phaithful Says:

    Congrats on the 1,000 posts! Felt like it wasn’t too long ago that you started blogging … but 5 years, wow!

    I’ll miss the insights and the hilarious anecdotes … but I definitely can empathize with wanting to enjoy life more than anything else.


  6. cEz Says:

    Congratulations on a job well done! I’ll miss reading your posts.
    Best of luck on the hunt for the happiness monster

  7. theharmonyguy Says:

    Thanks for all the ways your contributions and resources have helped me learn a field that I’m now happy to be working in. Wish you all the best.

  8. Joăo Pedro Pereira Says:

    I’m a follower of this blog for many years and I think we all lost one of the best places to read about appsec ! But you know what’s important to you. Your life, your happiness, so good luck and I hope you win those challenges !

  9. admin Says:


  10. abcdelasecurite Says:

    Many thanks for lessons and thoughts, probably this one too. I/we’ve learned huge amounts of skills from you and think you deserve it to change your mindset and find better ways to hapiness

  11. Xylitol Says:

    Good luck.
    and thanks for all ressources you have maked available.

  12. PaPPy Says:

    Adios RSnake, sad to see you go. I’ll miss the updates. Thank you for what you have taught myself and everyone else.

    Get some R&R and enjoy life, and spend some good quality time with your wife (I’m sure she deserves it).

    Take it easy,

  13. Nicola P. Says:

    Goodbye Rsnake, the underground will not forget you.

  14. digi7al64 Says:

    Personally I would have stopped at 1337 posts but meh.
    Farewall, good luck and best wishes for the future… and cheers for keeping up. It took me ages to get corporate to give me access (this site is listed as a terrorist organisation)

  15. ClickJacker Says:

    Thank you for all your threads. Don’t stop the good fight and have a cold beer.

    Cheers to RSnake

  16. jah Says:

    this post reads like the last chapter of a novel one has enjoyed for many moons and it evokes the same kind of sadness; thankfully, there’s always another book to pick-up and revel in.

    thank you and best wishes

  17. Brian Honan Says:

    Best of luck with everything.

    If you ever need anything you know how to contact me.

  18. Eber Irigoyen Says:

    for lack of eloquence, so long, and thanks for all the fish

  19. Robin Says:

    Thanks for all the great work. You never know, after a break you might decide to get back in to it.

  20. Jeremiah Grossman Says:

    Thanks for everything, including the inspiration to start blogging. Beer on me next time.

  21. Jeremiah Grossman Says:

    Oh, but now you can’t come to the Security Bloggers Meet-Up at RSA! LOL!

  22. Jarrod Loidl Says:

    Thanks for the site and your blog. For what its worth, your work has touched the lives of me and my peers.

    I wish you well in your future endeavours.

  23. AppSec Says:

    RSnake, it’s been a pleasure reading. I got into app sec about the same time you started blogging about it. You helped teach a great deal — not just technically, but thought processes as well.

    Good luck on whatever the future holds.

    They say your legacy is what makes you…. You can’t hide from that.. Your legacy is being written, and is going to be around for along time.

  24. Rafal Los Says:

    Well sir… If everyone who learned something intelligent from you bought you 1 beer, you’d never have to buy yourself a beer again. See you IRL somewhere, enjoy the time away.

  25. Chris Shiflett Says:

    It’s been a great ride.

  26. Gorka Says:

    Thanks man, it has been awesome.

    Personally I’ve learned A LOT here, not only in the technical stuff but rather in the “thinking out of the box area” and for that I really thank you.


  27. wlet Says:

    enjoy your life….

  28. geir Says:

    Cold beer is a good start. Enjoy!

  29. Johan Says:

    What is, or isn’t, interesting is always up to the person you ask it too. Though the first thing we need to research… Where will we get our security news from when you go silent?

  30. Johan Says:

    Do you have any recommendations on other blogs that are into security?

  31. Sasha Says:

    All the best Robert, if there’s one who deserves it, it’ll be you. I’m proud to say; that you were the first one who inspired me to dive into WebAppSec, and I think many concur. :)

  32. thetestmanager Says:

    Very rarely a security person comes along transforms the way we all think about what is possible by their blog posts and code example and then leaves.

    Only one other I can think of RainForestPuppy.

    I’m sure you’ll be back although in the meantime, enjoy life.

  33. Giorgio Maone Says:

    Thank you.
    The NoScript community and I owe you a lot.

  34. Sheridan Says:

    Well, thanks for the education!

  35. Mephisto Says:

    Rsnake, I have a beer with your name on it the next time I see you! Thanks for all your contributions and your personal assistance at solving some other issues for me as well!

  36. Tom Brennan Says:

    On behalf of the OWASP Foundation - thank you for your contributions, advice and help on the connections committee

  37. Popotxo Says:

    Ez adiorik, RSnake

  38. kad1r, Says:

    Good bye RSnake. We will miss you. Thanks for all resources.

  39. Eitan Adler Says:

    I am saddened to this blog come to an end, I learned a lot from it.
    I’ll miss reading your posts and I’ll miss the updates from the website.
    However you have to do whats best for you and I wish you the best.

  40. Chris Eng Says:

    Wow, big decision. You’ve done some great work over the years. I’m glad to have shared the stage with you at one of your final conference appearances. Enjoy the change of pace, and best of luck for the future.

  41. Robert David Graham Says:

    If we ever meet up again, the beer is on me.

  42. Manicode Says:

    Thanks for all the good advice on AppSec and French cuffs. You’re a good egg, and I wish you the best in your persuit of happiness.

    Aloha, RSnake!

  43. Darknet Says:

    Cheers bro, it’s been a good few years. Maybe you’ll get your passion back after a hiatus - who knows?

  44. Philomela Says:

    Goodbye. ;)

  45. infosecisland Says:


    Hey man, you did what you set out to do. Thanks for showing us that courage really has more to do with choosing happiness than anything else…i’m sure it was a long journey to get to the point of actually carrying through with it, but for those of us still out there, carrying on, you were an inspiration, a source of reason, new concepts and accountability—you really did make a difference.

    Thank you!

    Mike Menefee
    President and Founder of Infosec Island

  46. Nikita Says:

    i have been reading your blog for 1yr now. and learnt and still learning a lot from it … i will for sure miss checking the blog for new post!

    wish you well in your pursuit of happiness.

  47. Manish S. Says: was the first blog I had bookmarked when I took my first steps in Appsec. Thanks a lot for all the inspiration. It was a pleasure reading your posts. Best of luck for the future …. have fun :)

  48. J. Stelwagen Says:

    Never posted here before, always read your posts. Learned a lot.

    I suppose all things must come to an end, so does this blog.

    Enjoy, live long and prosper! (For lack of better words.)

  49. flexis Says:

    I’ve truly enjoyed reading this blog.
    Why not start brewing your own bear?


  50. M Says:

    Can’t get myself to delete you from my RSS feeds… It was fun while it lasted.

  51. taz Says:

    Wise choice, thanks for all. You have done so much you deserve it :)

  52. securityninja Says:

    Thanks for all the cool and insightful blogs over the years.

    I’m sad to see you leaving security but I’m happy that you have found a way to be happier in life!


  53. yrew Says:

    Thank-you for all the lessons, you, and many others by now, kept opening my eyes about the web and the way how broken it real is. That perception of how things work when you want to use things in a most harmful way is something that keeps blowing my mind. What blows it even more is the sheep like looks I sometimes get when I try to discuss it with other webdeveloppers. Anyways enjoy the beer and life to the fullest, I wish you the best

  54. Guigoz Says:

    Never posted too, thanks for all these posts!
    Enjoy your life and good luck!

  55. hp4r Says:

    Follow your blog since one year, very interesting for a “noob” like me ! (even if I don’t understand everything). I learn a lot.
    Thank you.

  56. etd Says:

    Thanks and good luck

  57. Fabio Cerullo Says:

    You have been an inspiration for thousands of security pros.

    I could say without hesitation your mission with the industry has been fullfilled to full extent.

    Best of luck in your future endeavours!


  58. Soroush Says:

    Never forget that you are one of the web security pillars :) Wish you the best :)


  59. ptl Says:

    As the first commenter, i’m a long time reader, and i think that this is my first comment here (!). Thanks for all the good work you’ve done and shared with the community ! I’ll drink a glass tonight “ŕ ta santé” like we say here in france :-)
    May the force be with you for your new adventures !

  60. austrian_bernie Says:

    Thanks for everything! I’ am going to miss that blog…

    cheers & good luck

  61. ThePost Says:

    Au revoir.

  62. pdj Says:

    Thanks for the gift of knowledge. Good luck in your pursuit of happiness

  63. iceberg1369 Says:

    It’s about 1 year that Im one of this blog and I still enjoy reading posts,
    be happy

  64. Kevin Riggins Says:


    Thanks for all the great blog posts over the years!

    I completely get your thoughts above and respect your decision.

    All of us should take a step back now and again and make the same kind of assessment you have.

    Best of luck and have a happy life.


  65. David Sopas Says:

    Thanks for everything Robert.
    You inspired my career on web security.

    Good luck!
    Enjoy every bit of life :-)

  66. matrix212 Says:

    What is the meaning of happiness in your life is the same with What is the meaning of your life. Thanks for your sharing all this time you already be a legend…but I think sometimes the process through the goal is the happiness not the goal itself :)

  67. David Hughes Says:


    I’ll miss your posts, but I am happy for you. It would be a pleasure
    to buy you that beer.

  68. Samy Kamkar Says:

  69. thesp0nge Says:

    A cold beer is always the answer.

    Thanks for all inspiring reading you provided over latest years, now my rss feeder will be poor :-(

    Take care

  70. Erwin Says:

    Hi RSnake,

    Thanks for the good work. I hope that you keep the site online so that we can read some of your postings in the next years and say: He was so right :).

    I will buy you a Belgian beer, if you ever make it here!

    PS: This reminds me of M. Curphey joining Microsoft :)

  71. Chris Wysopal Says:

    If there was an infosec hall of fame we would have to induct you. Thanks for all the great posts. Good luck!

  72. pjh Says:

    Nosce te ipsum

    …most folks never will…

    ….congratulations on your move..thank you for all the excellent postings

  73. Threatpost Says:

    Great blogs and good luck with happiness.

  74. Jordan Says:

    It’s been fun. Hope to still see you ’round.


  75. p0deje Says:

    Bye, sir RSnake! I owe you a truly interest in web security. Thanks for * and Detecting Malice. Gonna miss this all

  76. xcitem Says:

    It is hard to see you move on, but I wish you the best of luck and a happy life.
    Please keep up your blog, it has so much valuable information.

  77. kongo_86 Says:

    About a year i started my first security job. Looking at ids logs. first alert i looked at was “Cross-Site-Scripting” Good Ol’ ISS. Did a google search and your site was the first thing that came up. next to wikipedia :) Every since i have not looked back and continues to learn and learn. Well thanks your share of knowledge. Blessings to you and your family.

  78. Penny Lane Says:

    Good luck Robert and smart decision; I’m sure you will be glad you take this path.

  79. Jabra Says:

    Your blog has made me a better security consultant. Thanks for everything!

  80. Tom Brennan Says:

    Thank You.

  81. tx Says:

    So long RSnake, it’s been a good run! :)

  82. cbolat Says:

    everybody in webAppSec probably learn a lot of thing from you, or Thank you for all resources..

  83. Ed Williams Says:

    Thanks for all your efforts and best of luck!


  84. sansibarfox Says:

    Hey, thanks for alle the funny and interesting post over the past years. When I started interesting mine about security was one of the first sources I read. It was a bit hard in the beginning but over the 4 years I was reading my knowledge and skills increased and I was always happy to see a new post online in my rss-feeds.
    Thanks a lot and good luck for your futur


  85. Anton Rager Says:

    I disappeared for the past several years to sharpen other skills, enjoy life more and take a mental break from the security community — Aside from the 1000 blog entries, I think I understand some of what you’re going thru.

    I wish you the best of luck in finding your inner-happiness.

  86. Silh Says:

    Been a long time reader from France, never a commenter. I will miss your blog ! i wish you the best ! as we say in France ” bravo et chapeau bas “

  87. AbhishekKr Says:

    it’s been a >

  88. Rosario Valotta Says:

    Thanks a lot for your inspiring posts.
    Enjoy your life, your beer… and your family. :-)

  89. rgreenberg Says:

    Best of luck with each new sunrise. thanks for the memories and great thoughts!

  90. thetestmanager Says: would be most obvious choice.

    Similar content & same sort of security vision.

  91. Marcin Says:

    Aww Rob, even though I’ve given you shit some times, I’ll miss ya :)

  92. austin Says:

    its a shame, i just discovered this site some time ago and it has been up since. i have been checking for updates every day. i shall miss it. but i can definitely see where you are coming from, have fun and good luck in life.

  93. Andre DeMarre Says:

    Thank you for all your security research you’ve generously shared with us here. Invaluable!

  94. Reiners Says:

    Thank you for 5 years inspiration and all the best for your future!

  95. Tina Louise Says:

    I have just come across this post - from a link at Twitter - and although I know nothing of you but this post as I haven’t visited before… wish you happiness, cold beer and happy endings :)

    Tina Louise

  96. Braille Says:

    Like many others, long time reader, never commenter. Thanks for the good times! And good luck with your continuation. Fare well.

  97. Uncue Says:

    I suck at that game too. My wife beats me all the time. I found WWF Lookup (in the app store) is a lot of help to find the best word to play. HTH.

    PS: Long time reader never poster, thanks for everything you have to for us. I certainly appreciate it and I’m sorry it made you unhappy for so long.

  98. Atul Agarwal Says:

    I really enjoyed reading your posts. But like all good things, its over.

    Best of luck with your life, your future assignments and life. I am sure you would find your happiness back.

  99. Tom Says:

    Thanks for the countless interesting posts ..


  100. wouanou Says:

    I really enjoyed following your blog, but never leaved a comment.
    So now I think it’s time to say thanks, and congratulations for this amazing blog !
    I wish you all the best.

  101. Patrick W. Barnes Says:

    Your sacrifice, the impact to your happiness incurred bringing your perspectives on security before the public eye, is greatly appreciated. I suspect that you have been an even bigger help to WebAppSec than you realize and that your contributions will be a lasting benefit to the entire world. Thank you. You deserve your comedy, and I hope it comes to you.

  102. infinity Says:

    So long rsnake. I rarely commented on this blog, but I want to thank you for the many articles that I enjoyed reading. The XSS Cheat Sheet is a classic.

    Good luck and all the best.

  103. Cygnus Says:

    RSnake, I wish you the very best. I’m sure there will be other aspects of the web that get you excited to stay up late at night. Ping me when you want to go nuts in that direction.

  104. Wornstrom Says:

    I may just shed a tear as i remove this from my feeds…

  105. Vikstrous Says:

    Thank you for the many hours I’ve spent reading this blog. I’ve never commented before, but I feel obligated to at least leave you this one comment in return for everything. You’ve educated and inspired me, and I’m sure others too. The security folder of my RSS reader will feel empty without you.

  106. someone Says:

    anyone ( knowledgeable ) to volunteer to take over this blog?

  107. TAS Says:

    Countless beer already offered and will continue after my comment , can make you next beer baron ;) Thanks for all the lessons and research at All the very best.

  108. WhiteAcid Says:

    Thanks for what you’ve done. You’ve helped countless people, myself included, explore something fun, something interesting and something worthwhile.

    All the best with your future ventures.

  109. Denis Says:

    Thank you very much and good luck for the future.

  110. jairo0023 Says:

    Good luck in your journey jairo0023 here long time reader,
    when they say xss i raise my head thanks to you…. xd
    GOOD LUCK for Wlp.Rd de-bug

  111. Braden Says:

    Thank you! You’ve done wonderful things. Best wishes.

  112. adi Says:

    Bye Rsnake! All the best!

  113. 4ghuZ Says:

    i’m gonna cry.. hikz’
    honestly… so sweet :))


  114. one-of-many Says:

    Thanks and good luck. My bookmarks will miss this site for sure.

  115. Toto Says:

    I’ll never leave a comment in your blog till here, that you say goodbay….WTF….Dont Leave your Reader dammit….i always wait your POst….

  116. Happyness Says:

    Good luck in the search for happiness. I have linked to a place where you might find some answers.

  117. QuadsZilla Says:

    Thanks for everything. If you ever need anything from me or the crew, don’t hesitate to ask.

    Now, if I can just get you to take a vacation . . .

  118. Johan Says:

    You have thought me alot RSnake, even though I’m a humble web-programmer who’s focus isn’t security.
    I enjoyed your reading, and will miss it…

    So long, lonesome warrior, best of luck to you.

  119. markofu Says:

    Thanks Rsnake.

    It’s been both a pleasure and an education reading your blog!!

    Cheers :)

  120. V Says:

    Midlife crisis?

    I am starting to think that certain a degree of depression and anxiety is part of security profession. “Normal” people click on phishing links without hesitation and get owned, but are happy in the process.

  121. Adrián Says:

    Good luck RSnake,

    have fun and enjoy your life. Being happy is all that matters in life, and sometimes, when you take a hobby to the next step, and start doing it for money or somewhat obliged it looses all the magic.

    So, that said, buena suerte :)

  122. mokum von Amsterdam Says:

    You alone have done more for ‘the scene’ then most certifications did combined with all their followers.
    Now take a rest and I am looking forward to where you’ll shop up again because for sure you will make waves there too.

  123. espen Says:

    Thanks for all the valuable information.

  124. James Says:

    It’s OK to be burnt out with blogging, but you still need other avenues for sharing. So, as long as you don’t stop podcasting and speaking at conferences, your soul will recover.

    May I suggest you twitter more? Having a mechanism to release is always a good thing…

  125. Dave Naylor Says:

    get a on a plane and fly to the UK.. you are always welcome at my home.. I even have open Wifi a spare laptop (think it has malware on it thou)

    seriously have a vacation mate !


  126. Yrew Says:

    If you come to the netherlands I have a toshiba tecra 8000 from a former bank you can use. A whopping 266 mhz and “windows 98 ready” should be save but it is a little slow

  127. Rob Decker Says:

    RSnake=Awesome. All the best.

  128. Dan Weber Says:

    Great job. Have fun!

  129. Armando Says:

    being always a reader, one or two times a commenter, I just want to say thanks, many thanks for sharing a part of your knowledge with us, good luck.


  130. Jim Says:

    You are not alone in your unhappiness and your loss of love for security. Why does security burn us out? Why did we lose our love for it? Sometimes I think its because the industry as a whole has become very stagnant - every time I hear about a “new” vulnerability, it seems to be something I’ve seen before and not new at all. Being a security expert has become very mechanical and is as intellectually stimulating as it used to be. It used to be about finding the latest vulnerabilities and breaking things so that you can learn how they work. Now its about applying the latest monthly (or weekly, or daily) patch, reviewing the daily log file, verifying your AV signatures are current (which does you no good nowadays). Have we reached a plateau? Is all of the excitement gone? I remember how excited I was when I first learned about SQL Injection. “Wow! You can really do that? I would never thought that something like that could be done! This is awesome!”. Now, its like “Oh, yay, another XSS/CSRF/buffer overflow/SQL Injection/”. Am I missing something, or has security really become that boring?

  131. Gino Says:

    Although I only read a small handful of blogs (and I’m going to miss your posts here that generally lead me off into A.D.D. land with ideas and research) .. I have to say congrats on #1000 and reclaiming a subset of your life brotha :)

  132. Greg Says:

    Thank you.
    This blog was one of the first I followed when I only got started with programming and security. It had a great influence on what I do for a living today, and I hereby express my gratitude for it.

    Good luck.

  133. avetis.kazarian Says:

    Thank you for your posts.

    I always had a great time while reading your blog.

    Hope you’ll be back some day, somewhere else maybe :]

  134. PaPPy Says:

    Why have the forums been down for so long?

  135. id Says:

    @PaPPy, please see the FAQ.