How to Think Like a Hacker to Secure Your Software

Matthew Runkle

Matthew Runkle is a member of Veracode’s Security Consulting team. Matt has experience in the defense and commercial spaces, conducting application and network security research for organizations including DARPA. Prior to that, Matt worked as a software developer, both freelance and for various defense contractors.

Build Like a Maker, Think Like a Breaker.

With a maker mindset, the outcome is a functioning, robust application that performs designated tasks. A breaker mindset looks at the same app and uses its functionality to do something else. The breaker looks for ways to repurpose the software to perform different, sometimes malicious, tasks. Every time makers add features, they need the breaker mindset to consider how someone might input data in an unexpected way.

Remember the Fundamentals.

Many breaches now boil down to missing some fundamental principles: input validation and output encoding. Hackers use simple techniques that have been around for a long time to exploit applications without these basic protections. Developers, then, need to understand and internalize those concepts into the software and application security to prevent breaches. Teach developers the basics of application security and let them experiment with vulnerable applications.

Plan for Emerging Technologies.

There’s been a shift to providing microservice architectures, building more complex apps by assembling small, specialized components. Because this approach requires passing data back and forth, there will be flaws stemming from the interactions of multiple services, abusing that data transfer to break the app. Designing microservices is an opportunity to think like a breaker and figure out how we can make that app do something unintended.

By Matthew Runkle | 16 Mar 2018

Make security a competitive advantage.

We’ll show you how to give users better, safer experiences.

See how >