Edition: [MEAP Edition]
Authors: Derek Fisher
Series:
Publisher: Manning Publications
Year of publication: 2021
Number of pages: [155]
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 at the user's request)
File size: 5 Mb
If you need the file of the book Application Security Program Handbook: A guide for software engineers and team leaders converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support and they will convert the requested file.
Please note that the book "Application Security Program Handbook: A guide for software engineers and team leaders" is the original-language (English) edition and is not a Persian translation. The International Library website provides original-language books only and does not offer any books translated into or written in Persian.
Application Security Program Handbook MEAP V02
Copyright
Welcome
Brief contents

Chapter 1: Why do we need application security?
  1.1 The role of an application security program
    1.1.1 Security from concept to production
    1.1.2 Where does application security program
  1.2 The current state of application security
  1.3 Why building security in is challenging
    1.3.1 Trying to protect at runtime
    1.3.2 Getting output from tools is not enough
    1.3.3 Sifting signal from noise in security tools
  1.4 Shifting right versus shifting left in development
    1.4.1 Shifting right in the development lifecycle
    1.4.2 Shifting right fails
    1.4.3 Shifting left in the development lifecycle
    1.4.4 Shifting left fails
  1.5 Is going left better than going right
  1.6 Application security needs you!
    1.6.1 Democratizing application security
    1.6.2 Users will be users
  1.7 Examples of failing to secure the software
    1.7.1 SolarWinds
    1.7.2 Accellion
    1.7.3 Fake software
  1.8 Summary

Chapter 2: Defining the problem
  2.1 The CIA Triad
  2.2 Confidentiality
    2.2.1 Data protection policy
    2.2.2 Data at rest
    2.2.3 Applying encryption
    2.2.4 Data in transit
    2.2.5 Encryption prior to transmission
    2.2.6 Data In Use
    2.2.7 Not so confidential
    2.2.8 Do I even need this?
  2.3 Availability
    2.3.1 DoS and DDoS
    2.3.2 Accidental outage
    2.3.3 The role of ransomware
    2.3.4 Casino Betting Offline
    2.3.5 Health organizations are still fair game
    2.3.6 Building in resiliency
  2.4 Integrity
    2.4.1 Integrity starts with access
    2.4.2 The role of version control
    2.4.3 Data Validation
    2.4.4 Data Replication
    2.4.5 Data Checks
  2.5 Authentication and authorization
    2.5.1 Authentication
    2.5.2 Authorization
  2.6 Adversaries
    2.6.1 Script Kiddies
    2.6.2 Insider
    2.6.3 Cybercriminal
    2.6.4 Hacktivist & Terrorist
    2.6.5 Advanced Persistent Threat
    2.6.6 Why do we care?
  2.7 Measuring risk
    2.7.1 Remediate, mitigate, accept
    2.7.2 Identify the risk
    2.7.3 Estimating likelihood
    2.7.4 Estimating impact
    2.7.5 Risk severity
    2.7.6 Risk example
    2.7.7 Other methodologies
  2.8 Summary

Chapter 3: Components of application security
  3.1 Threat modeling
    3.1.1 Basic threat modeling terminology
    3.1.2 Manual threat modeling
    3.1.3 Starting the manual process
    3.1.4 Threat modeling with linking bank accounts
    3.1.5 What to do with the found threats
    3.1.6 Threat modeling using a tool
  3.2 Security analysis tools
    3.2.1 Static application security testing
    3.2.2 Tools in the development environment
    3.2.3 Dynamic application security testing
    3.2.4 Software composition analysis
  3.3 Penetration Testing
  3.4 Run-time protection tools
  3.5 Vulnerability collection and prioritization
    3.5.1 Integrating with defect tracking
    3.5.2 Prioritizing vulnerabilities
    3.5.3 Closing vulnerabilities
  3.6 Bug bounty and vulnerability disclosure program
    3.6.1 Vulnerability disclosure program
    3.6.2 Bug bounty program
    3.6.3 Third party help with vulnerabilities
  3.7 Putting it together
  3.8 Summary

Chapter 4: Releasing secure code
  4.1 Security in DevOps
    4.1.1 DevOps pipelines
  4.2 DevOps isn’t the only game in town
    4.2.1 Waterfall
    4.2.2 Agile
    4.2.3 Lean
    4.2.4 DevOps supports security better
    4.2.5 DevSecOps Example
  4.3 Application security tooling in the pipeline
    4.3.1 Threat modeling in DevSecOps
    4.3.2 SAST in DevSecOps
    4.3.3 DAST and IAST in DevSecOps
    4.3.4 SCA in DevSecOps
    4.3.5 Run-time protection in DevSecOps
    4.3.6 Security orchestration
    4.3.7 Security education
  4.4 Feedback Loop
  4.5 Summary

Chapter 5: Security belongs to everyone
  5.1 Security is everyone’s problem
    5.1.1 Structure of an application security team
    5.1.2 Just hire more application security people
    5.1.3 How to close the gap
  5.2 Security education
    5.2.1 Raising the security IQ
    5.2.2 Microlearning & just-in-time training
    5.2.3 It’s more than just training
  5.3 Standards, requirements and reference architecture
    5.3.1 Creating and driving standards
    5.3.2 Creating reference architecture
    5.3.3 Bringing requirements into the organization
  5.4 Maturity models
    5.4.1 OWASP SAMM
    5.4.2 Building Security in Maturity Model
    5.4.3 Addressing your security immaturity
  5.5 Decentralized application security
    5.5.1 Security champions program
    5.5.2 Leveraging the decentralized model
  5.6 Summary