Lesson 2: Think like an Attacker [](slides/may-dso-bootcamp-week-one-lesson-two.pdf)[](https://speakerdeck.com/devsecops/devsecops-bootcamp-week-1-lesson-2)

May 27, 2016 · View on GitHub

Anatomy of an Attack


* Think like an attacker
* Attacker motivations

Attack Maps


* Understanding the attack vectors
* Mapping out all the possibilities

The Intel Highway


* Collecting data
* Making the data useful and finding patterns

Crawl, Walk Run


* Identify important security design constraints and controls that need to get built into your software
* Prioritize and build security defenses over time to reduce security risks
* Achieve limited security debt by developing a CWR strategy

Lab #2


* Build an Attack Map
* Build a Crawl Walk Run Strategy

Resources

O'Reilly Excerpt, Anatomy of an Attack: The Five P's
Raindance - Attack Maps
Github Integrations