Attack Driven Development: Getting Started in Application Security

Presented at Hackfest 2017, Nov. 4, 2017, 2:30 a.m. (Unknown duration).

Software security professionals often express the concern that we do not teach Computer Science students about the dangers of insecure software as they begin their formal education. Moreover, when students learn about either software development or application security, they tend to learn about these topics serially rather than in parallel. With the ever-increasing pace of new software development techniques and frameworks, Attack Driven Development lays out a process through which students and professionals alike can learn the tools, techniques, and procedures of software development and application security in parallel.

Attack Driven Development uses the acronym "A.D.D." purposefully, as it is designed to work recursively through a process of learning, building, breaking, and fixing applications, with each of these steps intended to occur in micro-bursts. In order to keep up with the pace of new frameworks and tools, this process involves learning several things at a time, with each step further developing and honing skills that have previously been built up. The end result of leveraging this process is an understanding of how to test applications for security flaws, as well as how to develop more secure software.


Presenters:

  • Keith Hoodlet
    Keith started on his path toward a career in Information Security in the mid-90s as a kid playing Blizzard's popular PC title, "Diablo". It was at that time he learned how to use Telnet to spoof multiple connections to Blizzard's online platform, "Battle.net", using unauthenticated Diablo trial accounts. Needless to say, it wasn't long before he became hooked on text user interfaces and networking protocols. Keith graduated from Keene State College with a B.A. in Psychology in 2009, and recently attended classes in Computer Science at the University of New Hampshire, during which time he also interned at Veracode as a Code Security Engineer. Since then, Keith has worked as an Engineer on the Customer Success team at Rapid7, and now works as a Trust & Security Engineer at Bugcrowd. In his free time he continues to develop his skills in Web Application Development and Security, and is the Co-Trainer of the "Offensive Web Hacking" course offered at DerbyCon 7.0 "Legacy".
