What are unique aspects of a software lifecycle of an attack/tool on a software vulnerability?

Posted by David Kaczynski on Programmers
Published on 2012-10-15T13:36:29Z Indexed on 2012/10/16 17:20 UTC

At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security.

I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing.

I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless.

I imagine the life-cycle would be something like:

  1. Find gap in security
  2. Exploit gap in security
  3. Procure payload
  4. Utilize payload

What kind of differences (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?
