Teaching Attacker perspective to Developers


Learning by doing is a quite successful education concept. Although software developers are typically not meant to become professional pentesters, it is still a valuable approach to teach them the attacker's perspective and let them loose on practical hacking exercises or vulnerable applications. Only when they have seen something break, or have broken something themselves, can they appreciate all the secure coding guidelines as a help and not see them as an impediment.

Why

In this working session, we can share our experience with various tools and services used in practical developer security training sessions.

  • How to sell the idea of “breaking” things to developers who typically have constructive mindsets
  • How to integrate exercises into instructor-led training sessions
  • Do you advocate do-it-yourself learning?
  • Share experiences using current online service providers
  • Run-through of open source tools (like WebGoat, Security Shepherd, Juice Shop)
  • Are vendor demo applications (like AltoroMutual) an option?

Potential Outcome

  • Recommendation for a Learning Path guiding developers through various hands-on sessions in an appropriate order (e.g. with increasing difficulty)
  • Best Practice for developer-focused security training
  • Developer training Antipatterns and Pitfalls

Who

The target audience for this Working Session is:

Related Working Session(s)


