- Shopping Bag ( 0 items )
From the PublisherDeveloping more secure and resilient software has to be an integral part of the design and the implementation of an application and not an afterthought. The key to better security and resiliency comes down to education, continuous improvement and accountability. This book pulls together the state of the art in thinking about this important issue in a holistic way with several examples. It takes you through the entire lifecycle from conception to implementation and highlights where methodologies like the Microsoft Security Development Lifecycle can play a significant role in improving the security and reliability of your software.
—Doug Cavit, Chief Security Strategist, Microsoft Corporation
Demonstrating thorough understanding of the problems facing development organizations today, Secure and Resilient Software provides the reader with the tools necessary to jump-start and mature security within the software development lifecycle (SDLC). The authors bridge the gap between theory and practical application by providing valuable processes, checklists, frameworks, and examples. The material presented fills a gap that was desperately needed and is a must read for anyone participating in requirements gathering, quality assurance, development, and/or application security testing processes.
—Jeff Weekes, Sr. Security Architect at Terra Verde Services
It’s hard to imagine a more difficult and less well understood challenge than developing secure and resilient software. This book is full of useful insights and practical advice from two authors who have lived this process. What you get is a tactical application security roadmap that cuts through the noise and is immediately applicable to your projects. What’s really unique is the way that the book links together different standards to illuminate security across the entire software development process. You’ll learn how security evolves from threats to security requirements, through security services like OWASP ESAPI, into security architecture, and then into security testing and analysis leveraging OWASP ASVS. Highly recommended for anyone who cares about the future of the world’s software.
—Jeff Williams, Aspect Security CEO and Volunteer Chair of the OWASP Foundation