Security

What enterprise developers can learn from hackers

Thinking like a hacker has many advantages for the enterprise developer. Two former hackers share six valuable lessons drawn from hacker culture.

Even if you’re not sure you’d hire a former hacker, your staff can learn a great deal from talking with one. Developers in an enterprise shop wouldn’t be wasting their time listening to former hackers Rob Newhouse and Dan Verton. Verton authored The Hacker Diaries: Confessions of Teenage Hackers and is a former U.S. Marine Corps intelligence officer. Newhouse is Chief Technology Officer of Orbit 11 Partners, a New York-based option market-making company. Together, they offer six lessons enterprise developers can learn from hackers.

Hiring an ex-hacker
You can read more about hiring ex-hackers in the article ”Should you hire an ex-hacker?

Lessons from the hacker culture
Some valuable lessons for enterprise developers have their origins in the unique hacker culture.

Nothing is impossible
One of the major tenets of hacking and cracking has always been that nothing is impossible. Many problems are difficult to solve, but that means changing your approach in order to attack them from a different direction. The same thinking can be applied to enterprise development. It’s easy to claim that your deadlines are unrealistic, but are they really impossible? Newhouse notes that, like hacking a system, you must consider unusual solutions when coding business requirements.

Criticize your own work
Learn to be brutally honest when it comes to evaluating your work. Find the strong and weak points. Hackers are always analyzing and criticizing their work; enterprise developers must do the same. Ideally, it should be a daily task that becomes a dynamic process.

Look for unique solutions
Impressing other hackers is one of the major driving forces behind hacking. That was Newhouse’s goal when he wrote a new piece of software. Earning fellow hackers’ praise for creativity was just as important as the personal pride he took in the accomplishment. In the corporate world, the goal is to work out a unique solution, taking into account cost and other parameters important to the enterprise. Striving for unique results benefits your company and your reputation.

Hunt for security vulnerabilities like a hacker
Verton suggests taking security strategies out of the hacker’s playbook. In other words, think like they do.

Software doesn’t ship secure out of the box
Software is not shipped with standard security settings. When you buy a new operating system, systems administrators must go through it carefully. All default settings must be changed. Hackers know this, and it makes it easier for them to break into a system. Enterprise developers would do well to follow suit and consider potential security lapses in their designs.

Find your system’s vulnerabilities
Take a defensive position and look at your enterprise from the hacker’s perspective. It’s a good idea to actually hack your system for its vulnerabilities. This should be done regularly, especially when you have a change in your enterprise—new users, for example. The formal term for this process, “Red Teaming,” originated in the military. Red Teaming is a vulnerability assessment that targets information-based systems and associated support infrastructure to uncover security problems and devise fixes.

Monitor what’s being posted out about your company
It’s important to search the Internet to find out what’s being said about your company or its software. Hackers use this reconnaissance technique to gather information on their targets—for example; when administrators unwittingly release information a hacker can use to gain entry into a system. Regularly gathering such defensive intelligence will help you stay a step ahead of the hackers.

Lessons from a hacker
Are there important lessons that can be learned from hackers? Tell us what you think or post a comment below.

 
0 comments

Editor's Picks