Builders and Breakers
July 28, 2022
In chapter seven of the book Reinventing Cybersecurity, Tracy Bannon writes about tearing down the muscle memory that holds developers back from embracing security best practices. The same applies to the silos between development teams and the pen testers who try to 'break' their products in order to improve their security.
In this videocast, Casey Ellis tells the story of how his penchant for breaking things led him to create a new model of security testing at his successful company, Bugcrowd. Tracy and Casey then have a lively conversation about digital transformation, ransomware, IoT and how some of the best-known software bugs are still commonly exploited. They also explain how to unite the builders, those who develop code, and the breakers, in this case the outside pen testers working under contract through Bugcrowd.
“More builders need to think like breakers,” Tracy says in the webcast. “I also want testers to understand how builders think.”
The breaker mindset is inverted thinking, adds Casey. “Instead of focusing on what the software should do, the breaker focuses on what the software should not do.”
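The inversion Casey describes can be written straight into a test suite: the builder's tests assert what the code should do, the breaker's tests assert what it must never do. The block below is an added example, not code from the videocast, from Bugcrowd or from GrammaTech. The upload-path resolver, its UPLOAD_ROOT and all of the file names are hypothetical and constructed for illustration; the "naive" resolver passes every builder test and fails every breaker test, the hardened one passes both.

```python
"""Builder tests vs breaker tests (added example, not from the videocast).

Everything here is hypothetical: UPLOAD_ROOT, the resolver functions and
the sample file names are constructed for the illustration. posixpath is
used instead of os.path so the result is the same on every platform, and
nothing is ever read from disk.
"""
import posixpath

UPLOAD_ROOT = "/srv/uploads"  # assumed upload directory, never touched


def resolve_naive(filename: str) -> str:
    """What the builder shipped: join the root with the requested name."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, filename))


def resolve_hardened(filename: str) -> str:
    """Same function with the breaker's cases turned into explicit checks."""
    # An absolute name makes posixpath.join discard UPLOAD_ROOT entirely.
    if posixpath.isabs(filename):
        raise ValueError("absolute paths are not allowed")
    candidate = posixpath.normpath(posixpath.join(UPLOAD_ROOT, filename))
    # After '..' segments are collapsed the result must still sit under the root.
    if candidate != UPLOAD_ROOT and not candidate.startswith(UPLOAD_ROOT + "/"):
        raise ValueError("path escapes the upload root")
    return candidate


# Builder cases: what the software should do (constructed inputs).
BUILDER_CASES = {
    "report.pdf": "/srv/uploads/report.pdf",
    "2022/q3/summary.csv": "/srv/uploads/2022/q3/summary.csv",
}

# Breaker cases: what the software should not do (constructed inputs).
BREAKER_CASES = [
    "../../etc/passwd",        # classic traversal out of the root
    "/etc/passwd",             # absolute path swallows the root in join()
    "2022/../../etc/shadow",   # traversal hidden behind a valid-looking prefix
]


def run_builder_tests(resolver) -> bool:
    """True when every expected name resolves to the expected path."""
    return all(resolver(name) == want for name, want in BUILDER_CASES.items())


def run_breaker_tests(resolver) -> list:
    """Return the hostile inputs the resolver lets escape UPLOAD_ROOT."""
    escaped = []
    for name in BREAKER_CASES:
        try:
            out = resolver(name)
        except ValueError:
            continue  # rejected outright: the behaviour we want
        if not out.startswith(UPLOAD_ROOT + "/"):
            escaped.append(name)
    return escaped


if __name__ == "__main__":
    for label, resolver in (("naive", resolve_naive), ("hardened", resolve_hardened)):
        print(label, "builder tests pass:", run_builder_tests(resolver))
        print(label, "inputs that escape the root:", run_breaker_tests(resolver))
```

The point of keeping both case tables is that the builder suite alone is green for both resolvers; only the breaker cases distinguish the code that does what it should from the code that also refuses to do what it should not.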
In this interview, get perspectives from both the builders and the breakers, and on how the two can work together smoothly to improve security in third-party applications.
Helpful resources discussed in this interview:
MITRE database of Common Vulnerabilities and Exposures (CVE)
OWASP Top Ten Web Application Security Risks
In-depth whitepaper, Secure by Design, sponsored by GrammaTech (registration required)
GrammaTech secure design services