Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

by Jim Bird


Community Reviews

79 ratings · 9 reviews
Ahmad hosseini
This book helps you understand what security is about, what threats exist and the language that security practitioners use to describe what is going on. This book helps you understand how to model threats, measure risk, build software with security in mind, operate software securely and understand the operational security issues that come with running a service. But the book talks more about information security, while there are other types of security like physical security and personal security.
Security, or software security more specifically, is about minimizing risk. It is the field in which we attempt to reduce the likelihood that our people, systems, and data will be used in a way that would cause financial, reputational or physical harm. The book provides good advice about minimizing risks.
The book also examines challenges that exist between developers and security experts and provides good advice on handling them to improve security. It also introduces good tools and resources for security.
If you want to get familiar with different aspects of software security, read this book.
Carter
Jan 08, 2022 rated it liked it
The combination of the most prevalent modern development methodology Agile, and the requirements of application security modifications (CSSLP) to software development, can "appear" to be in conflict; the resulting problems can be multifaceted, an attempt to resolve some of them is present here as a comprehensive methodology, combined with standard CI/CD. I may not recommend this approach myself, nor use it.
Andrew
Feb 09, 2019 rated it really liked it
This book provides practical and actionable advice for anyone working in a modern development environment.
One of the gems of this book is the authors sharing their experience of what they've seen work in the real world.
The authors also provide a lot of links and options to further investigate. While they may become dated in time (though are not yet dated), the spirit of this book would still make it worth reading.
Denis Romanovsky
Very good overview of the modern approach to security in agile software development. The book has a very good structure, it's easy to read, lots of links to additional materials, good information about tools and frameworks for security. It's quite enough to read this book to be able to start building a security practice in your organization.
Cristián Rojas
Mandatory for today's software world.

The software world moves very fast, and security has not yet caught up. This book goes in the right direction in this regard, giving both developers and security specialists a huge advantage in integrating security and software.

Kris French
Aug 23, 2018 rated it really liked it
Excellent primer on the melding of agile principles with application security. Good read for security OR agile professionals. Easy read, highly accessible.
kevin
Jun 06, 2020 rated it really liked it
A good starting point with many pointers to incorporate security into development. Some chapters are practical and some more conceptual.
Javier Pozo
Good for getting an overall idea of agility and its integration with cybersecurity. Implementing it is another matter.
Hannes Lindblom
Marcell Major

"Agile teams rely on automation heavily in order to get the speed, repeatability, and consistency that they need to keep moving forward. However automation itself comes with its own risks. The tools themselves can be the target of attack and an attack vector in themselves,"

"Automated systems can allow mistakes, errors, and attacks to be propagated and multiplied in far more damaging ways than manual systems. As the DevOps comedy account @DevOpsBorat says, "To make error is human. To propagate error to all server in automatic way is #devops." Furthermore, automated tooling is fallible; and as we know so well in the security world, it can be easy for humans to begin to trust in the computer and stop applying sense or judgment to the results. This can lead to teams trusting that if the tests pass, the system is working as expected, even if other evidence might indicate otherwise."

Source: https://www.goodreads.com/book/show/29895091-agile-application-security
