Agile application security : enabling security in a continuous delivery pipeline

"Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of...

Full description

Bibliographic Details
Main Author: Bell, Laura (Author)
Other Involved Persons: Brunton-Spall, Michael ; Smith, Richard J. ; Bird, Jim
Format: Book
Language:English
Published: Beijing Boston Farnham Sebastopol Tokyo : O'Reilly September 2017
Edition:First edition
ISBN:1491938846
9781491938843
Physical Description:xviii, 363 Seiten 179 x 235 x 24
Subjects:
Other Editions:Show all 2 Editions
QR Code: Show QR Code
Description:
  • "Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development. Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them. You'll learn how to: add security practices to each stage of your existing development lifecycle; integrate security with planning, requirements, design, and at the code level Include security testing as part of your team's effort to deliver working software in each release; implement regulatory compliance in an agile or DevOps environment; build an effective security program through a culture of empathy, openness, transparency, and collaboration."--Publisher description
Contents:
  • Getting started with security
  • Agile enablers
  • Welcome to the Agile revolution
  • Working with your existing Agile life cycle
  • Security and requirements
  • Agile vulnerability management
  • Risk for Agile teams
  • Threat assessments and understanding attacks
  • Building secure and usable systems
  • Code review for security
  • Agile security testing
  • External reviews, testing, and advice
  • Operations and OpSec
  • Compliance
  • Security culture
  • What does Agile security mean?
Regensburger Classification System:
    Detailed View Regensburger Classification System
    SR 870