What are unique aspects of a software Lifecycle of an attack/tool on a software vulnerability?
Posted
by
David Kaczynski
on Programmers
See other posts from Programmers
or by David Kaczynski
Published on 2012-10-15T13:36:29Z
Indexed on
2012/10/16
17:20 UTC
Read the original article
Hit count: 358
At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security.
I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing.
I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless.
I imagine the life-cycle would be something like:
- Find gap in security
- Exploit gap in security
- Procure payload
- Utilize payload
What kind of differences (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?
© Programmers or respective owner