front matter
I’ve hacked just about everything that’s walked or crawled on this planet at one time or another. From my first hack of a fellow systems administrator’s root password (authorized, of course) in 1989 to taking over an insulin pump and dispensing all the pump’s insulin on the keynote stage of RSA 2012, I have made it my purpose to expose the world of the adversary—how an attacker thinks and works. After all, education is the final bastion of hope we have to prevent cyberattacks.
When I wrote my first book, Hacking Exposed: Network Secrets and Solutions, in 1999, I knew how important content on adversaries was to administrators. So I quickly cowrote one of the first textbooks on applying these hacking techniques to the new world of the internet: Web Hacking: Attacks and Defense, published in 2002. In that book, my coauthors and I used the same prescriptive formula to educate and kinetically teach defenders how to prevent cyberattacks on their web properties. Little did we know back then just how important software developers would be to the success or failure of hacks. In short, they are everything—because 100% of cyberattacks begin and end with code.
Every piece of the internet runs on software. From network routers and switches to servers and endpoints to industrial control technologies, everything we use to share, communicate, and disseminate information is written in code. When a vulnerability is found, it is ultimately found in source code.