Practical security for agile and DevOps
Merkow, Mark S.
Practical security for agile and DevOps / Mark S. Merkow, CISSP, CISM, CSSLP. - First edition. - Boca Raton, FL : CRC Press, Taylor and Francis, 2022. - xxv, 209 pages : illustrations, graphs, tables (black and white) ; 26 cm.
Includes bibliographical references and index.
Today’s software development practices shatter old security practices — Deconstructing Agile and Scrum — Learning is FUNdamental! — Product backlog development — Building security in — Secure design considerations — Security in the design sprint — Defensive programming — Testing part 1 : static code analysis — Testing part 2 : penetration testing/dynamic analysis/IAST/RASP — Securing DevOps — Metrics and models for AppSec maturity — Frontiers for AppSe — AppSec is a marathon—Not a sprint! — Appendix A : security acceptance criteria — Appendix B : resources for AppSec — Appendix C : answers to chapter quick check questions.
This textbook was written from the perspective of someone who began his software security career in 2005, long before the industry began focusing on it. This is an excellent perspective for students who want to learn about securing application development. After having made all the rookie mistakes, the author realized that software security is a human factors issue rather than a technical or process issue alone. Throwing technology into an environment that expects people to deal with it but failing to prepare them technically and psychologically with the knowledge and skills needed is a certain recipe for bad results.
Practical Security for Agile and DevOpsis a collection of best practices and effective implementation recommendations that are proven to work. The text leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security that is useful to professionals. It is as much a book for students’ own benefit as it is for the benefit of their academic careers and organizations. Professionals who are skilled in secure and resilient software development and related tasks are in tremendous demand. This demand will increase exponentially for the foreseeable future. As students integrate the text’s best practices into their daily duties, their value increases to their companies, management, community, and industry.
9781032151205
Computer security
Agile software development
QA76.9.A25
Practical security for agile and DevOps / Mark S. Merkow, CISSP, CISM, CSSLP. - First edition. - Boca Raton, FL : CRC Press, Taylor and Francis, 2022. - xxv, 209 pages : illustrations, graphs, tables (black and white) ; 26 cm.
Includes bibliographical references and index.
Today’s software development practices shatter old security practices — Deconstructing Agile and Scrum — Learning is FUNdamental! — Product backlog development — Building security in — Secure design considerations — Security in the design sprint — Defensive programming — Testing part 1 : static code analysis — Testing part 2 : penetration testing/dynamic analysis/IAST/RASP — Securing DevOps — Metrics and models for AppSec maturity — Frontiers for AppSe — AppSec is a marathon—Not a sprint! — Appendix A : security acceptance criteria — Appendix B : resources for AppSec — Appendix C : answers to chapter quick check questions.
This textbook was written from the perspective of someone who began his software security career in 2005, long before the industry began focusing on it. This is an excellent perspective for students who want to learn about securing application development. After having made all the rookie mistakes, the author realized that software security is a human factors issue rather than a technical or process issue alone. Throwing technology into an environment that expects people to deal with it but failing to prepare them technically and psychologically with the knowledge and skills needed is a certain recipe for bad results.
Practical Security for Agile and DevOpsis a collection of best practices and effective implementation recommendations that are proven to work. The text leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security that is useful to professionals. It is as much a book for students’ own benefit as it is for the benefit of their academic careers and organizations. Professionals who are skilled in secure and resilient software development and related tasks are in tremendous demand. This demand will increase exponentially for the foreseeable future. As students integrate the text’s best practices into their daily duties, their value increases to their companies, management, community, and industry.
9781032151205
Computer security
Agile software development
QA76.9.A25