When it comes to securing software systems, pretty much everybody is worried about getting hacked. But what’s the best way to defend?
To defend against attackers, you need to think like them.
First, let’s make sure the term “hackers” is understood. This term has been widely abused in the media to refer to bad people doing evil things. In reality, “hackers” is a neutral term. Hackers are simply problem solvers who make systems work differently than they were supposed to. Ethical hackers find security flaws in order to improve the system; attackers look for the same flaws but exploit them instead. They’re both hackers.
Hackers relentlessly look for flaws. They identify assumptions, break systems, and ask “what-if” questions. By thinking like your attackers, you can anticipate and prevent attacks.
So how can you start thinking like a hacker?
Stop following the rules.
What it means to think like a hacker
To think like a hacker, you need to figure out what you’re not supposed to do. Most people follow the rules and use your application as you intended. Hackers actively do the opposite.
Allow me to explain with a metaphor. A while back, I went to a