Hacker Methodology

1. Scan: discover live hosts and open ports
2. Enumerate: identify services, versions, users, shares and other details of each target
3. Penetrate: gain initial access by exploiting a weakness found during enumeration
4. Escalate: raise privileges from the initial foothold (e.g. user to root/administrator)
5. Pillage: harvest data and credentials and use them to pivot to further targets

STDD - Secure Test Driven Development

  • A test is written that reproduces the threat (an exploit payload or attack scenario that currently succeeds against the code).
  • A fix is implemented to block the threat, and the same test quickly confirms that it works.
  • Provided all other tests still pass, you can quickly verify that the other security measures and the rest of the functionality still behave correctly.
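The three steps above, worked through on a SQL injection in a login query. This is an added example and not code from the original notes; the users table, the sample credentials and the `login_*` function names are constructed for illustration, and an in-memory SQLite database is used so it runs offline.

```python
"""Secure test-driven development (STDD) worked example (added, not original).

Threat: SQL injection in a login query.
Step 1: write a test that reproduces the threat (the exploit succeeds against
        the vulnerable code).
Step 2: implement the fix.
Step 3: confirm the exploit no longer succeeds and the functional tests still pass.
"""
import sqlite3

# Constructed sample data (hypothetical users), not from any real system.
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database with a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The 'before' code: user input is pasted straight into the SQL text."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """The fix: a parameterised query, so input never becomes SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Payload for the threat test. Against the vulnerable code the WHERE clause
# becomes: username = 'alice' AND password = '' OR '1'='1', which is always true.
INJECTION_PAYLOAD = "' OR '1'='1"


def exploit_succeeds(login):
    """True if the injection payload logs in without a valid password."""
    conn = make_db()
    return login(conn, "alice", INJECTION_PAYLOAD) is not None


def functionality_intact(login):
    """Regression check: valid credentials work, wrong ones are rejected."""
    conn = make_db()
    return (
        login(conn, "alice", "correct horse") == "alice"
        and login(conn, "alice", "wrong") is None
        and login(conn, "nobody", "x") is None
    )


if __name__ == "__main__":
    # Step 1: the threat test demonstrates the exploit against the vulnerable code.
    assert exploit_succeeds(login_vulnerable)
    # Step 2/3: the fix blocks the exploit ...
    assert not exploit_succeeds(login_fixed)
    # ... and the existing functional behaviour is unchanged.
    assert functionality_intact(login_vulnerable)
    assert functionality_intact(login_fixed)
    print("threat reproduced, fix verified, functionality intact")
```

Note the limit of the technique: a passing threat test shows that this payload is blocked, not that the function is unexploitable in general. That is why the fix should remove the root cause (parameterisation) rather than filter the known payload, and why each newly discovered payload gets added to the test suite so it cannot regress.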

Benefits:

  • Quick turnaround from when a threat is discovered to when a fix is available
  • Security findings are reproduced as tests, so they can be shared and re-run
  • Debug security exploits against the code under test
  • Confirm the code is no longer exploitable by the tested payloads (a passing test shows those specific attacks are blocked, not that the code is unexploitable in general)
  • Security tests run in the normal testing cycle, so a change that reintroduces the vulnerability fails the build
  • Security is built in from the start rather than being introduced at a later stage