11 - Red Team Extensively
Red teaming, or white hat hacking, is a very valuable tool in the security toolbox. Recently, an effort led by Defense Digital Services resulted in the US Army finding 146 vulnerabilities in public-facing software, including one server that had already been compromised and was running cryptocurrency mining software.
Do use public and private red teaming of your software. Attack it ruthlessly and address any discovered vulnerabilities. If your software or architecture doesn’t permit it to be used while connected to the open internet (e.g., it assumes any connection on the network is safe), then you need to rethink your design.