Application Security Program Handbook: A guide for software engineers and team leaders


  • Author: Derek Fisher
  • Length: 296 pages
  • Edition: 1
  • Publisher: Manning
  • Publication Date: 2022-12-27
  • ISBN-10: 163343981X
  • ISBN-13: 9781633439818
  • Sales Rank: #133465



    Book Description

    Stop dangerous threats and secure your vulnerabilities without slowing down delivery. This practical book is a one-stop guide to implementing a robust application security program.

    In the Application Security Program Handbook you will learn:

    • Why application security is so important to modern software
    • Application security tools you can use throughout the development lifecycle
    • Creating threat models
    • Rating discovered risks
    • Gap analysis on security tools
    • Mitigating web application vulnerabilities
    • Creating a DevSecOps pipeline
    • Application security as a service model
    • Reporting structures that highlight the value of application security
    • Creating a software security ecosystem that benefits development
    • Setting up your program for continuous improvement

    The Application Security Program Handbook teaches you to implement a robust program of security throughout your development process. It goes well beyond the basics, detailing flexible security fundamentals that can adapt and evolve to new and emerging threats. Its service-oriented approach is perfectly suited to the fast pace of modern development. Your team will quickly switch from viewing security as a chore to an essential part of their daily work. Follow the expert advice in this guide and you’ll reliably deliver software that is free from security defects and critical vulnerabilities.

    Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

    About the technology

    Application security is much more than a protective layer bolted onto your code. Real security requires coordinating practices, people, tools, technology, and processes throughout the life cycle of a software product. This book provides a reproducible, step-by-step road map to building a successful application security program.

    About the book

    The Application Security Program Handbook delivers effective guidance on establishing and maturing a comprehensive software security plan. In it, you’ll master techniques for assessing your current application security, determining whether vendor tools are delivering what you need, and modeling risks and threats. As you go, you’ll learn both how to secure a software application end to end and also how to build a rock-solid process to keep it safe.

    What’s inside

    • Application security tools for the whole development life cycle
    • Finding and fixing web application vulnerabilities
    • Creating a DevSecOps pipeline
    • Setting up your security program for continuous improvement

    About the reader

    For software developers, architects, team leaders, and project managers.

    About the author

    Derek Fisher has been working in application security for over a decade, where he has seen numerous security successes and failures firsthand.

