97 Things Every Application Security Professional Should Know

Posted by: literator on 20-06-2024, 12:19, Comments: 0

Category: BOOKS » PROGRAMMING

Title: 97 Things Every Application Security Professional Should Know: Collective Wisdom from the Experts
Author: Reet Kaur, Yabing Wang
Publisher: O’Reilly Media, Inc.
Year: 2024
Pages: 402
Language: English
Format: epub
Size: 34.2 MB

In this fast-advancing technology world, almost everything is written as software or an application. Together with the fast-evolving threat landscape, protecting customer data and ensuring the resilience of your business becomes the critical objective of all cybersecurity professionals. Weak application defenses can lead to serious consequences like regulatory fines, penalties, and loss of customer trust—especially for industries that handle sensitive or financial data. That's why it's imperative for security professionals to reinforce themselves with the latest insights to combat growing cyber threats.

In this go-to guide, editors Reet Kaur and Yabing Wang share key concepts, up-to-date best practices, and cutting-edge tools that today's cyber professionals need to ensure solid application security. The articles in this book include actionable advice on a wide variety of application security topics and thought-provoking questions that drive the direction of the field. You'll also receive expert advice from professionals on how to navigate your career within this industry.

Cybersecurity, or information security, has always been a very broad and comprehensive field and has been a fast-evolving area for the past 10–20 years. Within it, there are many domains, such as risk management, security operations, network and infrastructure security, identity access management, and others. This book focuses on one particular domain called application security (AppSec). That’s because, in today’s modern world, software development has become the core of any product or service. As such, ensuring the security of any product or application development is critical to the success of your business.

This book is a collection of wisdom from 77 security experts in application security across various industries. Organized into 12 topics, the book covers web applications, mobile applications, APIs, and the Internet of Things (IoT) (embedded systems). It also expands the safeguards to both on-prem and in-cloud development. More importantly, it explains all angles of AppSec such as secure software development life cycle (SDLC) practice, threat modeling, code scanning and testing, vulnerability management, and how to run a successful application security program. The book also provides insight into two emerging topics: software supply chain security and AI security. It is a treasure trove of those security practitioners’ practical advice, distilled into bite-sized essays for both beginners and seasoned professionals in application security and cybersecurity.

Articles include:

AppSec Is a People Problem—Not a Technical One — Mark S. Merkow
A Coordinated Approach to a Successful DevSecOps Program — Han Lievens
Will Passwordless Authentication Save Your Application? — Aldo Salas
Introduction to CI/CD Pipelines and Associated Risks — Tyler Young
Unveiling Paths to Account Takeover: Web Cache to XSS Exploitation — Lütfü Mert Ceylan
Secure the Software Supply Chain Through Transparency — Niels Tanis
The Right Way to Threat Model — Josh Brown
Enhanced Application Security Defense — Michael Freeman
Mobile Security Domain and Best Practices — Aruneesh Salhotra
API Security Primer — Chenxi Wang
Will Generative and LLM Solve a 20-Year-Old Problem in Application Security? — Neatsun Ziv
Application Security in Cyber-Physical Systems — Yaniv Vardi

You should read this book if you are:

• New to security and want to learn more about application security
• A developer and want to learn how to secure your application
• Interested in running a successful application security program

We hope you find this book valuable to meet your needs, and that you can take the lessons learned from other practitioners and apply them in your world to make your applications resilient against evolving threats. Get ready to absorb expertise from some of the best in the field—your go-to guide for application security success!
