Another of my favorites is BurpSuite, a set of application assessment utilities that let you do things like intercept traffic between the client browser and Web application. For example, if an application's password-reset logic isn't written properly, you could use BurpSuite to intercept and alter the parameters in an attempt to change another user's password.
We'll have other utilities, of course, as well as a tool to run static code analysis. That tool will eventually be incorporated into our software development life cycle and will be employed to assess the sanity of our source code.
We need our engineers to use all these tools properly, and I want them to learn to think like a hacker. To help, I'll find a trusted third party to provide training and guidance in application assessments and penetration testing. Slowly but surely, all of this will get all of our engineers to thinking about security early and often in the development process.
Sign up for CIO Asia eNewsletters.