No matter the profession, if you aren’t taught about the dangers tied to your craft early on in your educational experience, it could have a significant impact on your work down the road. That’s even more so the case when it comes to computer science students.
In a recent presentation, Bugcrowd Trust and Security Engineer Keith Hoodlet outlined this issue and how it has resulted in a lot of insecure software. According to Hoodlet, when students learn about either software development or application security, they tend to learn about the topics serially, rather than in parallel.
What’s the answer to ending this dangerous cycle? Hoodlet believes it’s a technique called attack driven development.
“It’s breaking down the idea of building it, breaking it, and fixing it so that you understand the threat landscape effectively in your development process,” Hoodlet told InfoSec Insider during a video interview at the InfoSec World Conference & Expo in Orlando, Florida. “The idea is to make developers better security professionals, and security professionals better developers.”
During our discussion, Hoodlet outlined the importance of attack driven development and offered up the key steps security practitioners should take for this approach to have a positive impact on their overall security strategy.