Secure, Resilient, and Agile Software Development - Mark Merkow

Secure, Resilient, and Agile Software Development

(Autor)

Buch | Softcover
238 Seiten
2023
Auerbach (Verlag)
978-1-032-47501-1 (ISBN)
53,60 inkl. MwSt
This book is written with a contemporary view on securing all types of software development practices or methodologies with in-depth, practical, and accessible advice. It is complete with successful secure, resilient, and agile software development practices that meet or exceed the demands of today’s increasingly digital world.
A collection of best practices and effective implementation recommendations that are proven to work, Secure, Resilient, and Agile Software Development leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security for practical people. Written to aid your career as well as your organization, the book shows how to gain skills in secure and resilient software development and related tasks. The book explains how to integrate these development skills into your daily duties, thereby increasing your professional value to your company, your management, your community, and your industry. Secure, Resilient, and Agile Software Development was written for the following professionals:








AppSec architects and program managers in information security organizations



Enterprise architecture teams with application development focus



Scrum teams



DevOps teams



Product owners and their managers



Project managers



Application security auditors






With a detailed look at Agile and Scrum software development methodologies, this book explains how security controls need to change in light of an entirely new paradigm on how software is developed. It focuses on ways to educate everyone who has a hand in any software development project with appropriate and practical skills to Build Security In. After covering foundational and fundamental principles for secure application design, this book dives into concepts, techniques, and design goals to meet well-understood acceptance criteria on features an application must implement. It also explains how the design sprint is adapted for proper consideration of security as well as defensive programming techniques. The book concludes with a look at white box application analysis and sprint-based activities to improve the security and quality of software under development.

Mark S. Merkow, CISSP, CISM, CSSLP, works at WageWorks in Tempe, Arizona, leading application security architecture and engineering efforts in the office of the CISO. Mark has over 40 years of experience in IT in a variety of roles, including application development, systems analysis and design, security engineering, and security management. Mark holds a Master of Science in Decision and Information Systems from Arizona State University (ASU), a Master of Education in Distance Education from ASU, and a Bachelor of Science in Computer Information Systems from ASU. In addition to his day job, Mark engages in a number of extracurricular activities, including consulting, course development, online course instruction, and book writing. Mark has authored or co-authored 17 books on IT and has been a contributing editor to four others. Mark remains very active in the information security community, working in a variety of volunteer roles for the Phoenix Chapter of (ISC)2®, ISACA®, and OWASP. You can find Mark’s LinkedIn® profile at: linkedin.com/in/markmerkow

Dedication



Contents



Preface



About the Author



Chapter 1: Today’s Software Development Practices Shatter Old Security Practices



Chapter 2: Deconstructing Agile and Scrum



Chapter 3: Learning Is FUNdamental!



Chapter 4: Product Backlog Development—Building Security In



Chapter 5: Secure Design Considerations



Chapter 6: Security in the Design Sprint



Chapter 7: Defensive Programming



Chapter 8: Testing Part 1: Static Code Analysis



Chapter 9: Testing Part 2: Penetration Testing/Dynamic Analysis/IAST/RASP



Chapter 10: Securing DevOps



Chapter 11: Metrics and Models for AppSec Maturity



Chapter 12: Frontiers for AppSec



Chapter 13: AppSec Is a Marathon—Not a Sprint!



Appendix A: Sample Acceptance Criteria for Security Controls



Appendix B: Resources for AppSec



Index

Erscheinungsdatum
Zusatzinfo 25 Illustrations, black and white
Verlagsort London
Sprache englisch
Maße 156 x 234 mm
Gewicht 335 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Software Entwicklung
Mathematik / Informatik Informatik Theorie / Studium
ISBN-10 1-032-47501-3 / 1032475013
ISBN-13 978-1-032-47501-1 / 9781032475011
Zustand Neuware
Informationen gemäß Produktsicherheitsverordnung (GPSR)
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00