
Coding and auditing/reviewing demand inverted perspectives on the code (aiming for functionality vs. dysfunctionality), and you should seek to synchronize these two mindsets such that you always think a few steps ahead with each statement you write. Cultivating an awareness of the counter-intuitive repercussions of every block of code is a more durable objective than remembering cold facts like password hashing. I personally work a lot with fuzzers and the cycle of coding-fuzzing-bugfixing is a great way to attain this awareness. Letting your new developers fuzz or manually break a prepared piece of code is a good way to let them get a taste for it. It's interactive, engaging, surprising and optionally competitive, so retention of whatever they take away from it should be better than listening to a presentation.
