Programmers need to think like hackers

Great, another &quot;hackers are cyber criminals&quot; blog.<p>Btw, every section is numbered &quot;1.&quot; on my Android&#x27;s Chrome.

This seems <i>really</i> obvious, but I&#x27;m glad someone is saying it. I think there&#x27;s a trend of &quot;Teach everyone to code&quot; like a vocational thing that misses the extent to which coding is <i>nothing like</i> e.g. plumbing. As in, with plumbing, the <i>best way to do things</i> is much more generally known and teachable.

Just don&#x27;t be a cheap date. I&#x27;m hardly any kind of &quot;hacker&quot;. I&#x27;m barely a &quot;programmer&quot;.<p>But if I&#x27;m in a conference room, and I see some little embedded computer powering something, my mind immediately starts going &quot;Oooo, wut that? Does it run something unixy? I wonder if it connects to the same network as the main office. I could probably borrow its little flash memory disk without anyone noticing for a day or so. I bet I could put a program to open a reverse shell for me so that I can just peacefully chill behind the firewall anytime I want.&quot;<p>Etc, etc etc. I can&#x27;t help it. I&#x27;m curious! I&#x27;m also not very driven and highly nervous. But what if I were driven and brazen, but also very curious?<p>Put important things behind a firewall, and make sure that firewall is correlated to a physically secure location. Password protect systems that need protection. Encrypt things that are critical and confidential. Limit the number of people who have unrestricted access. Divide your network so that more public services only communicate with more secure backend service as little and as securely as possible. Don&#x27;t hire people you don&#x27;t trust. Compensate the people you hire well. Be ethical so that people generally won&#x27;t delight in your downfall.<p>And then live your life! Lol.

&gt; Programming is a complex task that includes five steps: problem identification, solution design, coding, testing and reporting.<p>Perhaps it&#x27;s because of different terminology, but I&#x27;m already somewhat lost on the first sentence of the article. What does reporting mean in this context?

In principle yes, but the objectives (constructive&#x2F;destructive) produce different satisfaction. A programmer on a sizable team might not have the same commitment as one on a smaller team. He&#x2F;she may think so, but it’s almost always, not the case.<p>I’m speaking from experience.

is this a listicle? i don&#x27;t really understand what the purpose of this article is. What makes hackers mindset useful to programmers? what makes these points the valuable takeaways. Not asking hn, it just seems missing from the article

I&#x27;d like to start reading more about engineering than hacking

This article missis its own opportunity.<p>Most of what this article talk about can be learned in a couple of days. Get familiar with ZAP, a proxy to replay and modify http request useful to test webapps for things like XSS, sql injections, Maltego, a fancy port and networks scanner, and some other tools you or a 12 year old can learn from youtube.<p>Seriously this hacking things is overrated and shift-left-security is a joke with the same punchline as DevOps, more best practices mandated by consultant that don&#x27;t do the actual work, for engineers to follow instead of giving them the space to think about a good problem&#x2F;solution fit.