Friday, September 29, 2017

Agile Application Security book

This is the first post in a while. I've been busy working on a bunch of projects. One of them is now finally complete: a book on Agile Application Security for O'Reilly, with Laura Bell, Michael Brunton-Spall, and Rich Smith.

In this book we try to build bridges between the security community and Agile teams, by taking advantage of our different experiences and viewpoints:

  • Rich's extensive experience as a pen tester, and running the security team at Etsy.
  • Michael's experience in hyperdrive Agile development, DevOps and security at The Guardian and the UK Digital Service.
  • Laura's work as a software developer and application security cat herder with large and small organizations in many different stages on their journeys to Agile adoption.
  • My work in development and operations in enterprise financial technology.

This is a unique book that looks at Agile from a security perspective, and security from an Agile perspective.

We explain the driving ideas and key problems in security, the core enabling practices in Agile that help teams succeed, how security programs can leverage Agile ideas and practices, how to deal with important risks and problems, and how to scale.

We look in detail at security practices and tools in an Agile context: threat and risk management, how to think about security in requirements, secure coding and code reviews, security testing in Continuous Integration and Continuous Deployment, what scanning can and cannot do for you, building hardened infrastructure and running secure systems, and putting all of this together into automated pipelines and feedback loops.

We also step through regulatory compliance and how to achieve continuous compliance; and how to get value from working with outsiders, including auditors, pen testers and bug bounty programs. We end with how to build an agile security culture and how to break down walls between engineers and security.

It was a unique opportunity to work with experts around the world: Michael in the UK, Laura in New Zealand, Rich in the US. Challenging, exhausting, and a great learning experience.

Our hope is that it offers value to developers who work in Agile environments and are new to security; to people in the security community who want to understand how security can keep up with high-velocity Agile and DevOps teams; and even to people who are expert in both.
