May 2025
Intermediate to advanced
208 pages
5h 40m
English
Content preview from Identity Security for Software Development
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 2. Secure Coding Practices for Identity Security
Before getting into the strategies and methods of implementing identity security, it helps to understand the best practices for securing identity access within applications. Code security is the first line of defense against a malicious attack, and it encompasses more than just writing, compiling, and testing applications. Robust practices should foster strong defenses on every level of the organization, from every line of code to automation scripts to a secure development environment that makes identity security the central focus for human and machine actors alike.
Developers must pick and choose the best practices that make the most sense for their organization and project. An ecommerce application may require compliance with payment security standards like the Payment Card Industry Data Security Standard (PCI DSS), while a health care provider may need to comply with the Health Insurance Portability and Accountability Act (HIPAA) guidelines. Keeping these practices in mind throughout the development process helps you identify and remediate potential issues before they make it into a production application.
The Zero Trust Model
The days of focusing solely on a strong perimeter defense are over. The shift to cloud computing, microservices, open source, AI-generated code, and IoT has broken our reliance on the single wall of security protection offered by firewalls, API gateways, and similar technologies. Now, we must protect ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.