Software Security
By: Ajit Singh
Narrated by: Virtual Voice (this title uses virtual voice narration, i.e. computer-generated narration for audiobooks)
Philosophy: Security as an Engineering Discipline
The foundational philosophy of this book is that software security is not an audit, a checklist, or a final gate; it is a fundamental aspect of quality software engineering. Security is a development discipline, not a separate function, and it is a shared responsibility of every developer, architect, and tester. This book rejects the outdated "penetrate and patch" model and instead champions a proactive "build security in" approach. I believe that the most effective way to learn is by doing, so every concept is tied to a tangible action, a piece of code, or a practical development task. I have focused on pragmatic, evidence-based practices that can be integrated directly into the daily workflow of a development team, making security a seamless and integral part of the entire Software Development Lifecycle (SDLC).
Key Features
1. Capstone Project-Driven: The book culminates in a full-fledged DIY capstone project where students build a secure web application, integrating lessons from every preceding chapter.
2. OWASP Top 10 Focus: A dedicated chapter provides an in-depth, practical exploration of the OWASP Top 10 vulnerabilities, which serves as a cornerstone of modern application security.
3. DevSecOps Integration: The book addresses contemporary development practices, explaining how security activities are integrated into CI/CD pipelines and agile workflows.
4. Simple and Clear Language: We intentionally avoid dense academic jargon where possible, opting for clear, direct explanations that are easy for students to understand and retain.
5. Beginner to Advanced: While the book starts with the basics, it progressively introduces more advanced topics like secure architecture patterns and automated security testing, making it a valuable resource for both introductory and advanced courses.
Key Takeaways
Upon completing this book, the reader will be able to:
1. Understand the Security Mindset: Think like an attacker to identify potential weaknesses in software.
2. Design Secure Software: Apply principles like Threat Modeling and secure design patterns to architect resilient applications.
3. Write Secure Code: Identify and prevent common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Insecure Deserialization.
4. Test for Vulnerabilities: Utilize both static (SAST) and dynamic (DAST) analysis tools to discover security flaws in code and running applications.
5. Integrate Security into DevOps: Understand how to embed automated security checks and practices into a modern CI/CD pipeline.
6. Build a Complete Secure Application: Apply all learned concepts to successfully complete a capstone project, demonstrating end-to-end software security skills.
Disclaimer: an earnest request from the author.
Kindly go through the table of contents and refer to the Kindle edition for a glance at the related contents.
Thank you for your kind consideration!