Episode 3. Secure Coding — Break what you build
→ A huge part of coding is building.
→ To become good secure coders, we need the skill of breaking our own code (we need not be experts; basic knowledge of breaking code is fine).
Learning the basics of attacking systems:
→ This is an amazing skill. If we know how to crack code, we will never create code that can be cracked.
→ There are some amazing tools available on the market to break your own code without a lot of learning.
→ The value of these tools is that we can start looking at the exploitable areas of our own code.
→ By breaking our code, we can get many valuable insights into our application.
Search code for exploits:
Hack our own code:
One of the biggest benefits of learning to break software is that you get to interact with security professionals.
Benefits of Attack Knowledge:
→ Constructive collaboration with team members is always better.
→ Constructive collaboration with the security team can be even more valuable for today’s development team.
DevOps: Bringing Operations into the development process.
DevSecOps: Bringing Security into your development process
→ Everyone in the team learns and becomes responsible for the security footprint of the application.
→ Once developers understand how to break software and start to have more constructive conversations with security professionals, the entire team benefits.
→ We will hopefully see faster turnover on bug fixes.
If we know how to break software, we will be prepared to fix software or, better yet, prevent security defects to begin with.
In one of my projects in Abu Dhabi, we were working with a security specialist. He was so obsessed with breaking whatever we made.
He had some software that could manipulate client requests. He changed payment data from 50 AED to 50000 AED 😳
If we create server-side security along with client-side security, the application will work like a charm.
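The request-tampering case above, as an added example (not code from the original article): a handler that charges the amount sent by the client, next to one that recomputes the price on the server. The catalog, field names and function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side price list in AED: the only trusted source of prices.
CATALOG = {"ticket-basic": Decimal("50.00"), "ticket-vip": Decimal("120.00")}
MAX_QUANTITY = 10


class TamperedRequest(Exception):
    """The amount in the request disagrees with the server's own calculation."""


def charge_trusting_client(request: dict) -> Decimal:
    # Before: charges whatever amount arrives. Checks done in the browser
    # never see a request that was edited after it left the page.
    return Decimal(str(request["amount"]))


def charge_server_side(request: dict) -> Decimal:
    # After: only the item id and quantity are taken from the client,
    # and both are validated against server-side rules.
    item, qty = request.get("item_id"), request.get("quantity")
    if not isinstance(item, str) or item not in CATALOG:
        raise ValueError("unknown item")
    if type(qty) is not int or not 1 <= qty <= MAX_QUANTITY:
        raise ValueError("quantity out of range")
    expected = CATALOG[item] * qty
    # The client's amount is compared but never charged; a mismatch is
    # rejected and is worth logging for the security team.
    if "amount" in request:
        try:
            matches = Decimal(str(request["amount"])) == expected
        except InvalidOperation:
            matches = False
        if not matches:
            raise TamperedRequest(
                f"client sent {request['amount']!r}, server computed {expected}")
    return expected


if __name__ == "__main__":
    honest = {"item_id": "ticket-basic", "quantity": 1, "amount": "50.00"}
    edited = dict(honest, amount="50000.00")  # constructed tampered request
    print(charge_trusting_client(edited))     # charges the edited amount
    print(charge_server_side(honest))         # charges the catalog price
    try:
        charge_server_side(edited)
    except TamperedRequest as exc:
        print("rejected:", exc)
```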