The security mantra is that security needs to happen at all phases of development, and that you need to think like an attacker. But developers like us are focused on building things rather than finding ways to exploit them, so how do we get there?
The answer is as usual: practice. In this video, Alex shows how you can practice thinking like an attacker with the help of a few tools available in Kali Linux and the OWASP Juice Shop project, a codebase created on purpose not only to have a lot of vulnerabilities but also to praise you for finding them. These are put together in a virtual machine you can set up from here: https://github.com/MozaicWorks/SecurityLearningProgram.
And if you want to learn more about security practices from the developer’s perspective, check out the Secure Coding Learning Program by Mozaic Works.