How to Think Like a Hacker to Secure Your Software

Matthew Runkle

Matthew Runkle is a member of CA Veracode’s Security Consulting team. Matt has experience in the defense and commercial spaces, conducting application and network security research for organizations including DARPA. Prior to that, Matt worked as a software developer, both freelance and for various defense contractors.

Build Like a Maker, Think Like a Breaker.

With a maker mindset, the outcome is a functioning, robust application that performs designated tasks. A breaker mindset looks at the same app and uses its functionality to do something else. The breaker looks for ways to repurpose the software to perform different, sometimes malicious, tasks. Every time makers add features, they need the breaker mindset to consider how someone might input data in an unexpected way.

Remember the Fundamentals.

Many breaches now boil down to missing two fundamental principles: input validation and output encoding. Hackers use simple techniques that have been around for a long time to exploit applications without these basic protections. Developers, then, need to understand those concepts and build them into their software to prevent breaches. Teach developers the basics of application security and let them experiment with vulnerable applications.

Plan for Emerging Technologies.

There’s been a shift toward microservice architectures, which build more complex apps by assembling small, specialized components. Because this approach requires passing data back and forth, there will be flaws stemming from the interactions of multiple services, where that data transfer is abused to break the app. Designing microservices is an opportunity to think like a breaker and figure out how we can make that app do something unintended.

By Matthew Runkle | 16 Mar 2018
