Laura Bell - Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

Year: 2017. Publisher: O’Reilly Media.


Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.

Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.

You'll learn how to:

  • Add security practices to each stage of your existing development lifecycle
  • Integrate security with planning, requirements, design, and at the code level
  • Include security testing as part of your team's effort to deliver working software in each release
  • Implement regulatory compliance in an agile or DevOps environment
  • Build an effective security program through a culture of empathy, openness, transparency, and collaboration

Agile Application Security

Enabling Security in a Continuous Delivery Pipeline

Laura Bell, Michael Brunton-Spall, Rich Smith, and Jim Bird

Agile Application Security

by Laura Bell, Michael Brunton-Spall, Rich Smith, and Jim Bird

Copyright 2016 Laura Bell, Rich Smith and Michael Brunton-Spall. All rights reserved.

Printed in the United States of America.

Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safaribooksonline.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

  • Editor: Courtney Allen
  • Production Editor: FILL IN PRODUCTION EDITOR
  • Copyeditor: FILL IN COPYEDITOR
  • Proofreader: FILL IN PROOFREADER
  • Indexer: FILL IN INDEXER
  • Interior Designer: David Futato
  • Cover Designer: Karen Montgomery
  • Illustrator: Rebecca Demarest
  • January -4712: First Edition

Revision History for the First Edition
  • 2016-11-15: First Early Release
  • 2016-12-01: Second Early Release
  • 2017-03-16: Third Early Release
  • 2017-06-01: Fourth Early Release

See http://oreilly.com/catalog/errata.csp?isbn=9781491939024 for release details.

The O'Reilly logo is a registered trademark of O'Reilly Media, Inc. Agile Application Security, the cover image, and related trade dress are trademarks of O'Reilly Media, Inc.

While the publisher and the author(s) have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author(s) disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

978-1-491-93902-4

[FILL IN]

Preface

Software is eating the world. Developers are the new kingmakers. The internet of things means there will be a computer in every light bulb.

These statements indicate the growing dominance of software development, to the point where most people in the world will never be further than a meter away from a computer, and we will expect much of our life to interact with computer-assisted objects and environments all the time.

But this world comes with some dangers. In the old world of computing, security was often only considered in earnest for banking and government style systems. But the rise of ubiquitous computing means a rise in the value that can be realised from the abuse of systems. This increases incentives for misuse, which in turn increases the risks systems face.

Agile software development techniques are being rapidly adopted in most organisations. By being responsive to change and dramatically lowering the cost of development, they provide a standard that we expect will continue to grow until the majority of software is built in an agile manner.

However, security and agile have not historically been great bedfellows.

Security professionals have had their hands full with the aforementioned government, e-commerce and banking systems, trying to architect, test and secure those systems, all in the face of a constantly evolving set of threats. Furthermore, what is often seen as the most fun and exciting work in security, the things that get covered on the tech blogs and the nightly news, is currently done by teams of professional hackers focusing on vulnerability research, exploit development, and stunt hacks.

You can probably name a few recent branded vulnerabilities like Heartbleed, Logjam, and Shellshock (or, heaven forbid, even recognise their logos), or recognise the teams of researchers who have achieved a jailbreak on the latest iPhones and Android devices. But when was the last time a new defensive measure or methodology had a cool media-friendly name, or you picked up the name of a defender and builder?

Security professionals are lagging behind in their understanding and experience of agile development, and that creates a gap that is scary for our industry.

Equally, agile teams have rejected and thrown off the shackles of the past. No more requirements documents, no more system modeling, no more traditional waterfall handoffs. The problem with this is that agile teams have thrown the baby out with the bathwater. Those practices, while sometimes slow and inflexible, have demonstrated value over the years. They were done for a reason, and agile teams, in rejecting them, can easily forget and dismiss their value.

This means that agile teams rarely consider security as much as needed. Some of the agile practices make a system more secure, but that is often a beneficial side effect rather than the purpose. Very few agile teams have an understanding of the threats that face their system. They don't understand the risks they are taking, they don't track or do anything to control those risks, and they often have a poor understanding of who is even attacking their creations.

Who Should Read This Book

We don't know if you are an agile team leader or developer who is curious or wants to know more about security. Maybe you are a security practitioner who has just found an entire development team you didn't know existed and you want to know more.

This book was written with 3 main audiences in mind:

The Agile Practitioner

You live, breathe and do Agile. You know your Scrum from your Kaizen, your test-driven development from your feedback loop. Whether you are a Scrum Master, developer, tester, agile coach or just a practitioner, you understand the agile practices and values.

This book should help you understand what security is about, what threats exist and the language that security practitioners use to describe what is going on. We'll help you understand how we model threats, measure risks, build software with security in mind, operate software securely and understand the operational security issues that come with running a service.

The Security Practitioner

Whether you are a risk manager, an information assurance specialist, or a security operations analyst, you understand security. You are probably careful how you use online services, you think about threats and risks and mitigations all of the time, and you may have even found new vulnerabilities and exploited them yourself.

This book should help you understand how software is actually developed in agile teams, and what on earth those teams are talking about when they talk about sprints and stories. You will learn to see the patterns in the chaos, and that should help you interact with and influence the team. This book should show you where you can intervene or contribute in the way that is most valuable to an agile team and has the best effect.

The Agile Security Practitioner

From risk to sprints, you know it all. Whether you are a tool builder who is trying to help teams do security well, or a consultant who advises teams, this book is also for you. The main thing to get out of this book is to understand what the authors consider to be the growing measure of good practice. This book should help you be aware of others in your field, of the ideas and thoughts and concepts that we are seeing pop up in organisations dealing with this problem. It should give you a good broad understanding of the field and an idea for what to research or learn about next.
