Software Life-cycle of Hacking

Posted by David Kaczynski on Programmers See other posts from Programmers or by David Kaczynski
Published on 2012-10-15T13:36:29Z Indexed on 2012/10/15 15:53 UTC
Read the original article Hit count: 346

At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security.

I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing.

I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless.

I imagine the life-cycle would be something like:

  1. Find gap in security
  2. Exploit gap in security
  3. Procure payload
  4. Utilize payload

I propose the following questions:

  • What kind of formal definitions (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?

© Programmers or respective owner

Related posts about development-process

Related posts about security