December 2019
Intermediate
30m
English
Closed Captioning available in German, English, Spanish, French, Japanese, Korean, Portuguese (Portugal, Brazil), Chinese (Simplified), Chinese (Traditional)
Overview
Application security testing has been around for a long time, yet successful attacks continue despite significant investments in application security. And we shouldn’t be surprised when we’re applying testing tools developed more than 12 years ago to software development methods only made commonplace in the last 3–5 years. In addition, application security is least understood and often takes a back seat to perimeter and endpoint security. At the same time, there’s a misconception that the cloud provider takes care of all the security, and few people have considered new attack surfaces introduced by containers and orchestration. Tesla showed us the fallacy here.
Traditional application security testing has been targeted to security professionals and is regarded as a separate process from development. This separation and delay creates friction in the process, with many trade-offs required. In an effort to improve application security testing, the new chant has been “shift left” to remove more vulnerabilities earlier and empower the developers.
Lucas Charles (GitLab) examines the shortcomings of most shift-left efforts and how cloud native environments, Agile DevOps processes, and minimum viable products with rapid iteration wreaks havoc on traditional security methodologies. He dives into how to bring security into DevOps while avoiding a complex DevOps toolchain that must be integrated with security testing and explores new ways of thinking of app security to turn the industry on its head by using concurrent DevOps—a method that makes it possible for product, development, QA, security, and operations teams to work at the same time. You’ll learn the three key requirements of your application security process needed to get you onto the road of an efficient and secure software development lifecycle (SDLC).
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Watch now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.