How Offensive Training Improves Defensive-Only Approaches in Secure Coding Training

4 min readMay 28, 2021

Originally posted: https://www.hackedu.com/blog/how-offensive-training-improves-defensive-only-approaches-in-secure-coding-training

“I used to attack because it was the only thing I knew. Now I attack because I know it works best.”
- Garry Kasparov, chess legend

Chess is an oft-used analogy for cybersecurity because there are many similarities between the two. At their core, they are games of strategy which pit two adversaries against each other in a bid to outdo each other in a duel of intellects. The best chess players do not merely apply pre-meditated tactics to win. Rather, they inhabit their opponents’ minds, study their psyches, and view the world from their antagonists’ viewpoint before they even sit down at the chess board. They build defenses ahead of time to force their opponents’ hand, and think three moves into the future to anticipate counterattacks. The goal, of course? Stay alive.

The same goes for cybersecurity: Anticipating cybercriminals’ moves and building appropriate mechanisms to deal with each one is something that must be done proactively, and is necessary to combat the most sophisticated cybercriminals successfully.

While many secure code training programs ascribe to a defensive-only philosophy of responding to threats as they emerge, at HackEDU we understand the necessity of thinking three steps ahead. That’s why our training philosophy encompasses offensive as well as defensive strategy, to equip developers with the most comprehensive knowledge about code-based attack vectors.

Defensive Training

Defensive training focuses on ways to defend against known threats by prescribing fixes for each type of vulnerability. It is the ‘how’ of secure coding training. Defensive training alone is great for developers who are learning about secure coding for the first time, as it offers them a gentle introduction to secure coding, but it is limited by both the number of examples and corresponding solutions that the designers of the training can develop, and how much developers who take the training are willing to consume. The knowledge scaffolds in a linear progression, and is limited by the quantity of training consumed.

How Offensive Training Improves Defensive-Only Approaches in Secure Coding Training

Written by Jared Ablon

More from Jared Ablon

How to Add Automation into a Secure SDLC (DevSecOps)

How to Add Automated Operations into a Seamless Secure Coding Practices Workflow

How to prevent SQL Injection vulnerabilities: How Prepared Statements Work

Read the full post here: https://blog.hackedu.com/how-to-prevent-sql-injection-vulnerabilities-how-prepared-statements-w

What Are Security Champion Responsibilities

Your company has decided to add security champions to improve your overall security postures, and you’ve chosen great candidates to take…

Secure Code Review Best Practices

Originally posted here: https://blog.hackedu.com/secure-code-review-best-practices

Recommended from Medium

The ChatGPT Hype Is Over — Now Watch How Google Will Kill ChatGPT.

It never happens instantly. The business game is longer than you know.

Building a Secure Cybersecurity Research Lab: A Journey of Isolation and Exploration

Introduction

Lists

General Coding Knowledge

Stories to Help You Grow as a Software Developer

Coding & Development

It's never too late or early to start something

22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability

CVE-2023–3067: Stored Cross Site Scripting Vulnerability on renowned note-taking thick client app Trillium

Advice From a Software Engineer With 8 Years of Experience

Practical tips for those who want to advance in their careers

10 Seconds That Ended My 20 Year Marriage

It’s August in Northern Virginia, hot and humid. I still haven’t showered from my morning trail run. I’m wearing my stay-at-home mom…

Detecting Mockingjay Process injection

What is Process Injection?