Title: 97 Things Every Application Security Professional Should Know: Collective Wisdom from the Experts
Author: Reet Kaur, Yabing Wang
Publisher: O’Reilly Media, Inc.
Year: 2024
Pages: 402
Language: English
Format: epub
Size: 34.2 MB
In this fast-advancing technology world, almost everything is written as software or an application. Together with the fast-evolving threat landscape, this makes protecting customer data and ensuring the resilience of your business the critical objective of all cybersecurity professionals. Weak application defenses can lead to serious consequences like regulatory fines, penalties, and loss of customer trust, especially for industries that handle sensitive or financial data. That's why it's imperative for security professionals to equip themselves with the latest insights to combat growing cyber threats.
In this go-to guide, editors Reet Kaur and Yabing Wang share key concepts, up-to-date best practices, and cutting-edge tools that today's cyber professionals need to ensure solid application security. The articles in this book include actionable advice on a wide variety of application security topics and thought-provoking questions that drive the direction of the field. You'll also receive expert advice from professionals on how to navigate your career within this industry.
Cybersecurity, or information security, has always been a very broad and comprehensive field and has been a fast-evolving area for the past 10–20 years. Within it, there are many domains, such as risk management, security operations, network and infrastructure security, identity access management, and others. This book focuses on one particular domain called application security (AppSec). That’s because, in today’s modern world, software development has become the core of any product or service. As such, ensuring the security of any product or application development is critical to the success of your business.
This book is a collection of wisdom from 77 security experts in application security across various industries. Organized into 12 topics, the book covers web applications, mobile applications, APIs, and the Internet of Things (IoT) (embedded systems). It also expands the safeguards to both on-prem and in-cloud development. More importantly, it explains all angles of AppSec such as secure software development life cycle (SDLC) practice, threat modeling, code scanning and testing, vulnerability management, and how to run a successful application security program. The book also provides insight into two emerging topics: software supply chain security and AI security. It is a treasure trove of those security practitioners’ practical advice, distilled into bite-sized essays for both beginners and seasoned professionals in application security and cybersecurity.
Articles include:
• AppSec Is a People Problem—Not a Technical One — Mark S. Merkow
• A Coordinated Approach to a Successful DevSecOps Program — Han Lievens
• Will Passwordless Authentication Save Your Application? — Aldo Salas
• Introduction to CI/CD Pipelines and Associated Risks — Tyler Young
• Unveiling Paths to Account Takeover: Web Cache to XSS Exploitation — Lütfü Mert Ceylan
• Secure the Software Supply Chain Through Transparency — Niels Tanis
• The Right Way to Threat Model — Josh Brown
• Enhanced Application Security Defense — Michael Freeman
• Mobile Security Domain and Best Practices — Aruneesh Salhotra
• API Security Primer — Chenxi Wang
• Will Generative and LLM Solve a 20-Year-Old Problem in Application Security? — Neatsun Ziv
• Application Security in Cyber-Physical Systems — Yaniv Vardi
You should read this book if you are:
• New to security and want to learn more about application security
• A developer and want to learn how to secure your application
• Interested in running a successful application security program
We hope you find this book valuable to meet your needs, and that you can take the lessons learned from other practitioners and apply them in your world to make your applications resilient against evolving threats. Get ready to absorb expertise from some of the best in the field—your go-to guide for application security success!