Agile Application Security: Enabling Security in a Continuous Delivery Pipeline Paperback – 26 September 2017
Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.
You'll learn how to:
- Add security practices to each stage of your existing development lifecycle
- Integrate security with planning, requirements, design, and at the code level
- Include security testing as part of your team's effort to deliver working software in each release
- Implement regulatory compliance in an agile or DevOps environment
- Build an effective security program through a culture of empathy, openness, transparency, and collaboration
From the Publisher
Who Should Read This Book
We don’t know if you are an agile team leader or developer who is curious or wants to know more about security. Maybe you are a security practitioner who has just found an entire development team you didn’t know existed and you want to know more.
This book was written with 3 main audiences in mind:
The Agile Practitioner
You live, breathe and do Agile. You know your Scrum from your Kaizen, your test-driven-development from your feedback loop. Whether you are a Scrum Master, developer, tester, agile coach or just a practitioner, you understand the agile practices and values.
This book should help you understand what security is about, what threats exist and the language that security practitioners use to describe what is going on. We’ll help you understand how we model threats, measure risks, build software with security in mind, operate software securely and understand the operational security issues that come with running a service.
The Security Practitioner
Whether you are a risk manager, an information assurance specialist, or a security operations analyst, you understand security. You are probably careful how you use online services, you think about threats and risks and mitigations all of the time, and you may have even found new vulnerabilities and exploited them yourself.
This book should help you understand how software is actually developed in agile teams, and what on earth those teams are talking about when they talk about sprints and stories. You will learn to see the patterns in the chaos, and that should help you interact and influence the team. This book should show you where you can intervene or contribute that is most valuable to an agile team, and has the best effect.
The Agile Security Practitioner
From risk to sprints, you know it all. Whether you are a tool builder who is trying to help teams do security well, or a consultant who advises teams, this book is also for you. The main thing to get out of this book is to understand what the authors consider to be the growing measure of good practice. This book should help you be aware of others in your field, of the ideas and thoughts and concepts that we are seeing pop up in organisations dealing with this problem. It should give you a good broad understanding of the field and an idea for what to research or learn about next.
About the Author
Laura Bell is the founder and lead consultant for SafeStack, a security training, development, and consultancy firm.
Laura is a software developer and penetration tester specializing in the management of information and application security risk within start-up and agile organizations. Over the past decade she has held a range of security and development roles and experienced first-hand the challenges of developing performant, scalable and secure systems. Historically the security function of an organization has been separate from the technical innovators; however, Laura educates clients and audiences that in modern business this no longer works. Developers and implementers want to be empowered to understand their own security risk and address it.
Michael Brunton-Spall is the deputy director of technology and operations at Government Digital Service, part of the Cabinet Office in the UK Government. He helps set and assess security standards and advises on building secure services within government. He works as a consulting architect with a variety of government departments, helping them understand and implement Agile, DevOps, service operation and modern web architectures. Previously Michael has worked in the news industry, the gaming industry, the finance industry and the gambling industry.
Rich Smith is the Director of R&D for Duo Labs, supporting the advanced security research agenda for Duo Security. Prior to joining Duo, Rich was Director of Security at Etsy, co-founder of the Icelandic red team startup Syndis, and has held various roles on security teams at Immunity, Kyrus, Morgan Stanley, and HP Labs. Rich has worked professionally in the security space since the late '90s, covering a range of activities including building security organizations, security consulting, penetration testing, red teaming, offensive research, and developing exploits and attack tooling. He has worked in both the public and private sectors in the U.S., Europe, and Scandinavia, and currently spends most of his time bouncing between Detroit, Reykjavik and NYC.
Jim Bird is a CTO, software development manager, and project manager with more than 20 years of experience in financial services technology. He has worked with stock exchanges, central banks, clearinghouses, securities regulators, and trading firms in more than 30 countries. He is currently the CTO of a major US-based institutional alternative trading system.
Jim has been working in Agile and DevOps environments in financial services for several years. His first experience with incremental and iterative ("step-by-step") development was back in the early 1990s, when he worked at a West Coast tech firm that developed, tested, and shipped software in monthly releases to customers around the world; he didn't realize how unique that was at the time. Jim is active in the DevOps and AppSec communities, is a contributor to the Open Web Application Security Project (OWASP), and occasionally helps out as an analyst for the SANS Institute.
- Publisher : O'Reilly Media, Inc, USA; 1st edition (26 September 2017)
- Language : English
- Paperback : 376 pages
- ISBN-10 : 1491938846
- ISBN-13 : 978-1491938843
- Dimensions : 17.8 x 2.02 x 23.3 cm
Top reviews from other countries
The authors represented the honest struggle that application teams face day to day trying to make their applications more secure. Software has constant threats, whether it is poor design, software anti-patterns, unnecessarily exposed attack surfaces, insecure software libraries, etc. The authors took the time to emphasize the importance of building security into the build pipeline. Agile development teams should strive to achieve as much measured quality in their CI build pipeline.
I happen to work with one of the software companies mentioned in the book. While my team is flattered to be referenced among many amazing companies, it's not my intention to write this review on my company's behalf. Rather, I want to commend the authors for putting out a great foundational resource for educating the agile development community about application security.