GroupOn’s Aaron Bedra, a senior software engineer, wants to unleash developers’ inner hacker when they’re building secure Web sites. For Bedra, it takes roughly eight minutes to find a glaring security hole in another programmer’s code.
As a result, he recently tackled the topic “Unleashing Your Inner Hacker” at Future Insights Live in Las Vegas. He noted the top ten reported attacks haven’t changed much over a three-year period ending in 2010, yet some of the attacks continue to get recycled.
Skilled hackers Need Not Apply
WebGoat is a Java application designed to teach developers how to better employ web security. It’s intentional vulnerabilities offer up a bunch of exercises to put developer-hackers through the paces in discovering all its security holes. If you go through WebGoat’s exercises, you’ll gain basic auditing skills to try it on your own Web code, said Bedra.
During his presentation, Bedra threw the hacking challenge to the audience and we saw it real time. First, audience members sent user warning alerts, followed by someone causing the whole site the fail. Eventually, one audience member rerouted the page to Google.
Developers find this type of self hacking a form of empowerment, Bedra says. And it’s fun, he added. One audience member agrees, noting he and his colleagues have a lot of fun challenging each other to break into each other’s WordPress sites.
Bedra also recommends reading The Web Application Hacker’s Handbook to learn more on creating secure code and battle-testing Web sites.