Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird

Product description

Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren’t up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.

Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.

You’ll learn how to:

  • Add security practices to each stage of your existing development lifecycle
  • Integrate security with planning, requirements, design, and at the code level
  • Include security testing as part of your team’s effort to deliver working software in each release
  • Implement regulatory compliance in an agile or DevOps environment
  • Build an effective security program through a culture of empathy, openness, transparency, and collaboration
