- Paperback: 376 pages
- Publisher: O'Reilly Media, Inc, USA; 1 edition (26 September 2017)
- Language: English
- ISBN-10: 1491938846
- ISBN-13: 978-1491938843
- Product Dimensions: 17.8 x 2 x 23.3 cm
- Boxed-product Weight: 662 g
- Amazon Bestsellers Rank: 44,080 in Books
Agile Application Security Paperback – 26 Sep 2017
About the Author
Laura Bell is the founder and lead consultant for SafeStack, a security training, development, and consultancy firm.
Laura is a software developer and penetration tester specializing in the management of information and application security risk within start-up and agile organizations. Over the past decade she has held a range of security and development roles and experienced first-hand the challenges of developing performant, scalable and secure systems. Historically, the security function of an organization has been separate from its technical innovators; Laura educates clients and audiences that in modern business this no longer works. Developers and implementers want to be empowered to understand their own security risk and address it.
Michael Brunton-Spall is the deputy director of technology and operations at Government Digital Service, part of the Cabinet Office in the UK Government. He helps set and assess security standards and advises on building secure services within government. He works as a consulting architect with a variety of government departments, helping them understand and implement Agile, DevOps, service operation and modern web architectures. Previously Michael has worked in the news industry, the gaming industry, the finance industry and the gambling industry.
Rich Smith is the Director of R&D for Duo Labs, supporting the advanced security research agenda for Duo Security. Prior to joining Duo, Rich was Director of Security at Etsy, co-founder of the Icelandic red team startup Syndis, and has held various roles on security teams at Immunity, Kyrus, Morgan Stanley, and HP Labs. Rich has worked professionally in the security space since the late 90s, covering a range of activities including building security organizations, security consulting, penetration testing, red teaming, offensive research, and developing exploits and attack tooling. He has worked in both the public and private sectors in the U.S., Europe, and Scandinavia, and currently spends most of his time bouncing between Detroit, Reykjavik and NYC.
Jim Bird is a CTO, software development manager, and project manager with more than 20 years of experience in financial services technology. He has worked with stock exchanges, central banks, clearinghouses, securities regulators, and trading firms in more than 30 countries. He is currently the CTO of a major US-based institutional alternative trading system.
Jim has been working in Agile and DevOps environments in financial services for several years. His first experience with incremental and iterative (“step-by-step”) development was back in the early 1990s, when he worked at a West Coast tech firm that developed, tested, and shipped software in monthly releases to customers around the world—he didn’t realize how unique that was at the time. Jim is active in the DevOps and AppSec communities, is a contributor to the Open Web Application Security Project (OWASP), and occasionally helps out as an analyst for the SANS Institute.
From the Publisher
Who Should Read This Book
We don’t know if you are an agile team leader or developer who is curious or wants to know more about security. Maybe you are a security practitioner who has just found an entire development team you didn’t know existed and you want to know more.
This book was written with three main audiences in mind:
The Agile Practitioner
You live, breathe and do Agile. You know your Scrum from your Kaizen, your test-driven development from your feedback loop. Whether you are a Scrum Master, developer, tester, agile coach or just a practitioner, you understand the agile practices and values.
This book should help you understand what security is about, what threats exist and the language that security practitioners use to describe what is going on. We’ll help you understand how we model threats, measure risks, build software with security in mind, operate software securely and understand the operational security issues that come with running a service.
The Security Practitioner
Whether you are a risk manager, an information assurance specialist, or a security operations analyst, you understand security. You are probably careful how you use online services, you think about threats and risks and mitigations all of the time, and you may have even found new vulnerabilities and exploited them yourself.
This book should help you understand how software is actually developed in agile teams, and what on earth those teams are talking about when they talk about sprints and stories. You will learn to see the patterns in the chaos, and that should help you interact with and influence the team. This book should show you where you can intervene or contribute in the way that is most valuable to an agile team and has the best effect.
The Agile Security Practitioner
From risk to sprints, you know it all. Whether you are a tool builder who is trying to help teams do security well, or a consultant who advises teams, this book is also for you. The main thing to get out of this book is to understand what the authors consider to be the growing measure of good practice. This book should help you be aware of others in your field, of the ideas and thoughts and concepts that we are seeing pop up in organisations dealing with this problem. It should give you a good broad understanding of the field and an idea for what to research or learn about next.
Most helpful customer reviews on Amazon.com
The authors represented the honest struggle that application teams face day to day trying to make their applications more secure. Software has constant threats, whether it is poor design, software anti-patterns, unnecessarily exposed attack surfaces, insecure software libraries, etc. The authors took the time to emphasize the importance of building security into the build pipeline. Agile development teams should strive to achieve as much measured quality in their CI build pipeline.
I happen to work with one of the software companies mentioned in the book. While my team is flattered to be referenced among many amazing companies, it's not my intention to write this review on my company's behalf. Rather, I want to commend the authors for putting out a great foundational resource for educating the agile development community about application security.
Overall great book. I have earmarked quite a few pages and even had to get the highlighter out. Most of my development teams are more than likely going to purchase it...