For the majority of my career in information security, I have played the role of a defender. Two of my books related to application security and secure software are testaments to this. However, I am certain that most security professionals within companies would relate to me when I say that I found myself playing catch-up. The attacker always seemed to have the advantage, for even securely designed applications were exploitable or exploited. How could this be? One of the reasons for the exploitability of secure applications was that the application teams seldom designed and developed their applications with the attacker’s skills, tools and techniques in mind. This talk is designed to bridge that gap by teaching the attendees how applications get hacked (the anatomy of exploiting vulnerabilities), the shortcomings of secure development processes such as threat modeling and code reviews, and how proactive offense can be the best defense.