book

Alice and Bob Learn Application Security

Name: Alice and Bob Learn Application Security
Author: Tanya Janca
ISBN: 9781119687351

by Tanya Janca

November 2020

Intermediate to advanced

288 pages

7h 45m

English

Wiley

Read now

Unlock full access

Cover
Foreword
Introduction
Pushing LeftAbout This BookOut-of-Scope TopicsThe Answer Key
Part I: What You Must Know to Write Code Safe Enough to Put on the Internet
CHAPTER 1: Security Fundamentals
The Security Mandate: CIAAssume BreachInsider ThreatsDefense in DepthLeast PrivilegeSupply Chain SecuritySecurity by ObscurityAttack Surface ReductionHard CodingNever Trust, Always VerifyUsable SecurityFactors of AuthenticationExercises
CHAPTER 2: Security Requirements
RequirementsRequirements ChecklistExercises
CHAPTER 3: Secure Design
Design Flaw vs. Security BugSecure Design ConceptsSegregation of Production DataThreat ModelingExercises
CHAPTER 4: Secure Code
Selecting Your Framework and Programming LanguageUntrusted DataHTTP VerbsIdentitySession ManagementBounds CheckingAuthentication (AuthN)Authorization (AuthZ)Error Handling, Logging, and MonitoringExercises
CHAPTER 5: Common Pitfalls
OWASPDefenses and Vulnerabilities Not Previously CoveredRace ConditionsClosing CommentsExercises
Part II: What You Should Do to Create Very Good Code

CHAPTER 6: Testing and Deployment
Testing Your CodeTesting Your ApplicationTesting Your InfrastructureTesting Your DatabaseTesting Your APIs and Web ServicesTesting Your IntegrationsTesting Your NetworkDeploymentExercises
CHAPTER 7: An AppSec Program
Application Security Program GoalsApplication Security ActivitiesApplication Security Tools
CHAPTER 8: Securing Modern Applications and Systems
APIs and MicroservicesOnline StorageContainers and OrchestrationServerlessInfrastructure as Code (IaC)Security as Code (SaC)Platform as a Service (PaaS)Infrastructure as a Service (IaaS)Continuous Integration/Delivery/DeploymentDev(Sec)OpsThe CloudCloud WorkflowsModern ToolingModern TacticsSummaryExercises
Part III: Helpful Information on How to Continue to Create Very Good Code
CHAPTER 9: Good Habits
Password ManagementMulti-Factor AuthenticationIncident ResponseFire DrillsContinuous ScanningTechnical DebtInventoryOther Good HabitsSummaryExercises
CHAPTER 10: Continuous Learning
What to LearnTake ActionExercises Learning Plan
CHAPTER 11: Closing Thoughts
Lingering QuestionsConclusion
APPENDIX A: Resources
IntroductionChapter 1: Security FundamentalsChapter 2: Security RequirementsChapter 3: Secure DesignChapter 4: Secure CodeChapter 5: Common PitfallsChapter 6: Testing and DeploymentChapter 7: An AppSec ProgramChapter 8: Securing Modern Applications and SystemsChapter 9: Good HabitsChapter 10: Continuous Learning
APPENDIX B: Answer Key
Chapter 1: Security FundamentalsChapter 2: Security RequirementsChapter 3: Secure DesignChapter 4: Secure CodeChapter 5: Common PitfallsChapter 6: Testing and DeploymentChapter 7: An AppSec ProgramChapter 8: Securing Modern Applications and SystemsChapter 9: Good HabitsChapter 10: Continuous Learning
Index
End User License Agreement

Overview

Learn application security from the very start, with this comprehensive and approachable guide!

Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures. Throughout, the book offers analogies, stories of the characters Alice and Bob, real-life examples, technical explanations and diagrams to ensure maximum clarity of the many abstract and complicated subjects.

Topics include:

Secure requirements, design, coding, and deployment
Security Testing (all forms)
Common Pitfalls
Application Security Programs
Securing Modern Applications
Software Developer Security Hygiene

Alice and Bob Learn Application Security is perfect for aspiring application security engineers and practicing software developers, as well as software project managers, penetration testers, and chief information security officers who seek to build or improve their application security programs.

Alice and Bob Learn Application Security illustrates all the included concepts with easy-to-understand examples and concrete practical applications, furthering the reader’s ability to grasp and retain the foundational and advanced topics contained within.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781119687351Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills