Attack Driven Development

Keith Hoodlet, Trust & Security Engineer, Bugcrowd (Panelist at DevSecOps Conference)
12 Sep 2017
12:20 - 13:10
Ballroom

Software Security professionals often express the concern that we do not teach Computer Science students about the dangers of insecure software as they begin their formal education. Moreover, when students learn about either software development or application security, they tend to learn about these topics serially – rather than in parallel. With the ever-increasing pace of new software development techniques and frameworks, Attack Driven Development lays out a process through which students and professionals alike can learn about the tools, techniques, and procedures for software development and application security in parallel.

Attack Driven Development uses the acronym “A.D.D.” purposefully, as it is designed to recursively work through a process of learning, building, breaking, and fixing applications – with each of these steps intended to occur in micro-bursts. In order to keep up with the pace of new frameworks and tools, this process relies on learning several things at a time – with each step of the process further developing and honing skills that have been previously built up. The end result of leveraging this process is an understanding of how to test applications for security flaws, as well as how to develop more secure software.