If you are reading this, there is a high probability that you are a developer. Even if you are not, you should at least know who a software developer is 😉. My task here is to explain what hacking is, who hackers are, and why it is important for you as a developer to know how their operations affect our decisions.
In times past the term 'hacker' was used to describe someone who was a computer expert. Today the term has become associated with someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.
When I say a developer is a full-time hacker, I am referring to the developer who is a white hat hacker: someone who is up to date with security issues, mainly around his area of expertise. For example, if I am a web developer, I should know the security implications of every line of code I write. Note that I am only in support of white hat hackers, so don't try to hack NASA 😒. Never ever use knowledge of hacking to damage or illegally gain access to any system. I am not saying you must be a hacker, and I am not saying that if you do not know about hacking you are less than a developer. I am saying that it is wise as a developer to learn at least a little about it, so that you develop good coding practices and make security a top priority.
I know there are some people who just want to code and go on with life. I do hope that after reading this article you change your mind. This website is wonderful, a great community of coders, but do you know that it needs a server somewhere to operate? You cannot doubt the fact that the server is not fully secure. There is no such thing as total security; therefore, there is always room for improvement.
Hackers are not some fantasy world figures. They are real people, and they are really smart. To be a hacker requires you to see things differently. If an elite hacker were to attend an event, they would pay attention to the slightest detail. Developers say "Kotlin is out" while hackers say "Kotlin is out 💀". Hackers are always ready to take advantage of flaws. Everyone is excited about the Internet of Things; don't you think hackers are excited too? IoT makes cyber crimes more lethal, because it gives hackers more equipment in their toolbox. So if you are developing for IoT, it is wise to put security first.
You spend sleepless nights coding, I know 😊, but do you know there are some people spending sleepless nights learning how to hack what you might build?
Do you know that over 500 different Android apps, downloaded more than 100 million times from the official Google Play Store, were found to be infected with a malicious ad library that secretly distributes spyware to users and can perform dangerous operations?
On March 7, this year, WikiLeaks published a data trove containing 8,761 documents allegedly stolen from the CIA that contained extensive documentation of alleged spying operations and hacking tools. Revelations included iOS and Android vulnerabilities, bugs in Windows, and the ability to turn some smart TVs into listening devices.
A growing reliance on cloud services creates vulnerabilities for organizations. Tens of thousands of MongoDB (cloud) databases were hijacked and held for ransom in 2016 after users left outdated versions exposed, without authentication turned on.
More than 4,000 ransomware attacks have occurred every day since the beginning of 2016. 😲
We developers are always excited to use new features, new libraries and new frameworks, but with new releases come new vulnerabilities. Be careful!
You can use new stuff, and I use new stuff; just be careful, because new attacks are coming. This may not be much of a concern to hobbyists, but if you are serious about software development you cannot ignore all of this and go scot-free.
A software developer who is knowledgeable about cyber security knows how to prevent attacks and recover from them. One of the Google developer experts I follow on Twitter once posted that someone tried to hack into his GitHub account, but because of two-factor authentication the hacker failed. Do you know who is watching you on the web? Do you really know? 👀 👀 👀 👀
Also keep up to date with OWASP, which publishes the top ten security risks.
For 2017, the OWASP Top 10 Most Critical Web Application Security Risks (in the Release Candidate) are:
A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Broken Access Control (As it was in 2004)
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Insufficient Attack Protection (NEW)
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Underprotected APIs (NEW)
Blogs such as Null Byte and https://blog.g0tmi1k.com are great. If you want to learn while having fun, you could try OverTheWire. I will leave you to search for the rest, lest I give too much information to the wrong person 😊.
Also check out Offensive Security; they are top notch. I respect anyone with their certificate as much as I respect a Google developer expert. Believe me, they...are...top...notch.
Have fun and code safe 😊.