Thinking like an attacker

The best defense is a good offense! See things from your enemy’s point of view! It takes a thief to catch a thief! All great advice, but it is hard to apply without knowing the context in which it holds. The goal of this post is to provide that context. Who are the attackers? What are their goals? Where are they? That’s what we will cover!

Who is the attacker?

How much security is enough?

As a security engineer, I regularly work with developers. Together we draft various ideas and try to find the best possible solution to the problem at hand. During this process, the following question always comes up in some form: how secure should this be? Simple as it may seem, usually a lot of thought goes into answering this. Let’s see why! There are quite a few things in play here: legal and business requirements, the risk of exploitation, cost of mitigation, loss expectancy, business impact, etc.