The most important part of security training is developing the mindset of protecting against threats. To do so, we need to follow a key tenet of security:
Think like an attacker
This is difficult for developers, since we focus on making things work. However, this should be part of the lenses we use to look at our code:
Think of these as different hats that you would put on while analyzing, architecting, designing or writing the code and the tests for your code.
So how does an attacker think? We talked about the different phases of a cyber attack, but let’s simplify and talk in specifics:
So how do we think like an attacker? We brainstorm the possible threats and classify them by probability and impact. To keep the attacker's perspective, we phrase each threat as “A potential attacker could [exploit]”. We then work out how to restructure our software to prevent the highest-ranked vulnerabilities.
To guide our brainstorm, we will need to be familiar with the most common vulnerabilities today.