Application Security Program Handbook: A guide for software engineers and team leaders (MEAP v02, 1st Edition) by Derek Fisher
Product details:
ISBN 10: 163343981X
ISBN 13: 9781633439818
Author: Derek Fisher
Table of contents:
Chapter 1: Why do we need application security?
1.1 The role of an application security program
1.1.1 Security from concept to production
1.1.2 Where does application security program
1.2 The current state of application security
1.3 Why building security in is challenging
1.3.1 Trying to protect at runtime
1.3.2 Getting output from tools is not enough
1.3.3 Sifting signal from noise in security tools
1.4 Shifting right versus shifting left in development
1.4.1 Shifting right in the development lifecycle
1.4.2 Shifting right fails
1.4.3 Shifting left in the development lifecycle
1.4.4 Shifting left fails
1.5 Is going left better than going right
1.6 Application security needs you!
1.6.1 Democratizing application security
1.6.2 Users will be users
1.7 Examples of failing to secure the software
1.7.1 SolarWinds
1.7.2 Accellion
1.7.3 Fake software
1.8 Summary
Chapter 2: Defining the problem
2.1 The CIA Triad
2.2 Confidentiality
2.2.1 Data protection policy
2.2.2 Data at rest
2.2.3 Applying encryption
2.2.4 Data in transit
2.2.5 Encryption prior to transmission
2.2.6 Data In Use
2.2.7 Not so confidential
2.2.8 Do I even need this?
2.3 Availability
2.3.1 DoS and DDoS
2.3.2 Accidental outage
2.3.3 The role of ransomware
2.3.4 Casino Betting Offline
2.3.5 Health organizations are still fair game
2.3.6 Building in resiliency
2.4 Integrity
2.4.1 Integrity starts with access
2.4.2 The role of version control
2.4.3 Data Validation
2.4.4 Data Replication
2.4.5 Data Checks
2.5 Authentication and authorization
2.5.1 Authentication
2.5.2 Authorization
2.6 Adversaries
2.6.1 Script Kiddies
2.6.2 Insider
2.6.3 Cybercriminal
2.6.4 Hacktivist & Terrorist
2.6.5 Advanced Persistent Threat
2.6.6 Why do we care?
2.7 Measuring risk
2.7.1 Remediate, mitigate, accept
2.7.2 Identify the risk
2.7.3 Estimating likelihood
2.7.4 Estimating impact
2.7.5 Risk severity
2.7.6 Risk example
2.7.7 Other methodologies
2.8 Summary
Chapter 3: Components of application security
3.1 Threat modeling
3.1.1 Basic threat modeling terminology
3.1.2 Manual threat modeling
3.1.3 Starting the manual process
3.1.4 Threat modeling with linking bank accounts
3.1.5 What to do with the found threats
3.1.6 Threat modeling using a tool
3.2 Security analysis tools
3.2.1 Static application security testing
3.2.2 Tools in the development environment
3.2.3 Dynamic application security testing
3.2.4 Software composition analysis
3.3 Penetration Testing
3.4 Run-time protection tools
3.5 Vulnerability collection and prioritization
3.5.1 Integrating with defect tracking
3.5.2 Prioritizing vulnerabilities
3.5.3 Closing vulnerabilities
3.6 Bug bounty and vulnerability disclosure program
3.6.1 Vulnerability disclosure program
3.6.2 Bug bounty program
3.6.3 Third party help with vulnerabilities
3.7 Putting it together
3.8 Summary
Chapter 4: Releasing secure code
4.1 Security in DevOps
4.1.1 DevOps pipelines
4.2 DevOps isn’t the only game in town
4.2.1 Waterfall
4.2.2 Agile
4.2.3 Lean
4.2.4 DevOps supports security better
4.2.5 DevSecOps Example
4.3 Application security tooling in the pipeline
4.3.1 Threat modeling in DevSecOps
4.3.2 SAST in DevSecOps
4.3.3 DAST and IAST in DevSecOps
4.3.4 SCA in DevSecOps
4.3.5 Run-time protection in DevSecOps
4.3.6 Security orchestration
4.3.7 Security education
4.4 Feedback Loop
4.5 Summary
Chapter 5: Security belongs to everyone
5.1 Security is everyone’s problem
5.1.1 Structure of an application security team
5.1.2 Just hire more application security people
5.1.3 How to close the gap
5.2 Security education
5.2.1 Raising the security IQ
5.2.2 Microlearning & just-in-time training
5.2.3 It’s more than just training
5.3 Standards, requirements and reference architecture
5.3.1 Creating and driving standards
5.3.2 Creating reference architecture
5.3.3 Bringing requirements into the organization
5.4 Maturity models
5.4.1 OWASP SAMM
5.4.2 Building Security in Maturity Model
5.4.3 Addressing your security immaturity
5.5 Decentralized application security
5.5.1 Security champions program
5.5.2 Leveraging the decentralized model
5.6 Summary