January 2018
Intermediate to advanced
378 pages
11h 34m
English
Content preview from Release It!, 2nd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Security as an Ongoing Process
Frameworks can’t protect you from the Top 10. Neither can a one-time review by your company’s AppSec team. Security is an ongoing activity. It must be part of your system’s architecture: crucial decisions about encrypted communication, encryption at rest, authentication, and authorization are all cross-cutting concerns that affect your entire system.
New attacks emerge all the time. You must have a process to discover attacks (hopefully before they are used on you) and remediate your system quickly.
This is doubly true when you deploy technology that hasn’t been battle-hardened. New technology with new APIs will have vulnerabilities. That doesn’t mean you should give up the advantages it offers. It does mean ...