White Hats, Hack Thyself

Classification Key: Security Pattern Space


The implementation of security mechanisms in a system has to be tested before the system is exposed to the real world. Finding all the bugs and vulnerabilities in a system is a very difficult task. How can you be assured of the true security of your systems without real-world testing?


Apply gray hat techniques against your own system. Plan and execute an attack under controlled but non-trivial circumstances. Perform attacks on an ongoing basis and record the results. Use the results for testing and maintenance.

Known Uses

Sanctum’s AppScan can automate and document controlled web-based intrusion attempts.

Related Patterns

Risk Determination


Romanosky Repository


Patch, Maintenance, Attack Response


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz