How Offensive Training Improves Defensive-Only Approaches in Secure Coding Training

Jared Ablon
4 min read · May 28, 2021

Originally posted: https://www.hackedu.com/blog/how-offensive-training-improves-defensive-only-approaches-in-secure-coding-training

“I used to attack because it was the only thing I knew. Now I attack because I know it works best.”
- Garry Kasparov, chess legend

Chess is an oft-used analogy for cybersecurity because there are many similarities between the two. At their core, both are games of strategy that pit two adversaries against each other in a duel of intellects. The best chess players do not merely apply premeditated tactics to win. Rather, they inhabit their opponents’ minds, study their psyches, and view the world from their antagonists’ viewpoint before they even sit down at the chess board. They build defenses ahead of time to force their opponents’ hand, and think three moves into the future to anticipate counterattacks. The goal, of course? Stay alive.

The same goes for cybersecurity: Anticipating cybercriminals’ moves and building appropriate mechanisms to deal with each one is something that must be done proactively, and is necessary to combat the most sophisticated cybercriminals successfully.

While many secure code training programs subscribe to a defensive-only philosophy of…

Jared Ablon

Co-founder and CEO of HackEDU. Previously a CISO. 15 years in cybersecurity.