Secure, Resilient, and Agile Software Development

Read more

A collection of best practices and effective implementation recommendations that are proven to work, Secure, Resilient, and Agile Software Development leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security for practical people. Written to aid your career as well as your organization, the book shows how to gain skills in secure and resilient software development and related tasks. The book explains how to integrate these development skills into your daily duties, thereby increasing your professional value to your company, your management, your community, and your industry. Secure, Resilient, and Agile Software Development was written for the following professionals:

• AppSec architects and program managers in information security organizations
• Enterprise architecture teams with application development focus
• Scrum teams
• DevOps teams
• Product owners and their managers
• Project managers
• Application security auditors

With a detailed look at Agile and Scrum software development methodologies, this book explains how security controls need to change in light of an entirely new paradigm on how software is developed. It focuses on ways to educate everyone who has a hand in any software development project with appropriate and practical skills to Build Security In. After covering foundational and fundamental principles for secure application design, this book dives into concepts, techniques, and design goals to meet well-understood acceptance criteria on features an application must implement. It also explains how the design sprint is adapted for proper consideration of security as well as defensive programming techniques. The book concludes with a look at white box application analysis and sprint-based activities to improve the security and quality of software under development.

List of contents

Dedication
Contents
Preface
About the Author

Chapter 1: Today's Software Development Practices Shatter Old Security Practices
Chapter 2: Deconstructing Agile and Scrum
Chapter 3: Learning Is FUNdamental!
Chapter 4: Product Backlog Development-Building Security In
Chapter 5: Secure Design Considerations
Chapter 6: Security in the Design Sprint
Chapter 7: Defensive Programming
Chapter 8: Testing Part 1: Static Code Analysis
Chapter 9: Testing Part 2: Penetration Testing/Dynamic Analysis/IAST/RASP
Chapter 10: Securing DevOps
Chapter 11: Metrics and Models for AppSec Maturity
Chapter 12: Frontiers for AppSec
Chapter 13: AppSec Is a Marathon-Not a Sprint!

Appendix A: Sample Acceptance Criteria for Security Controls
Appendix B: Resources for AppSec

Index

Summary

A collection of best practices and effective implementation recommendations that are proven to work, Secure, Resilient, and Agile Software Development leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security for practical people. Written to aid your career as well as your organization, the book shows how to gain skills in secure and resilient software development and related tasks. The book explains how to integrate these development skills into your daily duties, thereby increasing your professional value to your company, your management, your community, and your industry. Secure, Resilient, and Agile Software Development was written for the following professionals:

• AppSec architects and program managers in information security organizations
• Enterprise architecture teams with application development focus
• Scrum teams
• DevOps teams
• Product owners and their managers
• Project managers
• Application security auditors

With a detailed look at Agile and Scrum software development methodologies, this book explains how security controls need to change in light of an entirely new paradigm on how software is developed. It focuses on ways to educate everyone who has a hand in any software development project with appropriate and practical skills to Build Security In. After covering foundational and fundamental principles for secure application design, this book dives into concepts, techniques, and design goals to meet well-understood acceptance criteria on features an application must implement. It also explains how the design sprint is adapted for proper consideration of security as well as defensive programming techniques. The book concludes with a look at white box application analysis and sprint-based activities to improve the security and quality of software under development.

Report

Modern software development breaks the old ways of security. This book is practical, actionable, relatable, and most importantly, current. It should be required reading for all Agile and DevOps teams.-Ed Adams, Chief Executive Officer, Security Innovation, Inc.