Tanya Janca - Alice and Bob Learn Application Security
Здесь есть возможность читать онлайн «Tanya Janca - Alice and Bob Learn Application Security» — ознакомительный отрывок электронной книги совершенно бесплатно, а после прочтения отрывка купить полную версию. В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Жанр: unrecognised, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.
- Название:Alice and Bob Learn Application Security
- Автор:
- Жанр:
- Год:неизвестен
- ISBN:нет данных
- Рейтинг книги:5 / 5. Голосов: 1
-
Избранное:Добавить в избранное
- Отзывы:
-
Ваша оценка:
Alice and Bob Learn Application Security: краткое содержание, описание и аннотация
Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «Alice and Bob Learn Application Security»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.
application security from the very start, with this comprehensive and approachable guide!
Alice and Bob Learn Application Security · Secure requirements, design, coding, and deployment
· Security Testing (all forms)
· Common Pitfalls
· Application Security Programs
· Securing Modern Applications
· Software Developer Security Hygiene
Alice and Bob Learn Application Security Alice and Bob Learn Application Security
Alice and Bob Learn Application Security — читать онлайн ознакомительный отрывок
Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «Alice and Bob Learn Application Security», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.
Интервал:
Закладка:
Table of Contents
1 Cover
2 Introduction Pushing Left About This Book Out-of-Scope Topics The Answer Key
3 Part I: What You Must Know to Write Code Safe Enough to Put on the Internet CHAPTER 1: Security Fundamentals The Security Mandate: CIA Assume Breach Insider Threats Defense in Depth Least Privilege Supply Chain Security Security by Obscurity Attack Surface Reduction Hard Coding Never Trust, Always Verify Usable Security Factors of Authentication Exercises CHAPTER 2: Security Requirements Requirements Requirements Checklist Exercises CHAPTER 3: Secure Design Design Flaw vs. Security Bug Secure Design Concepts Segregation of Production Data Threat Modeling Exercises CHAPTER 4: Secure Code Selecting Your Framework and Programming Language Untrusted Data HTTP Verbs Identity Session Management Bounds Checking Authentication (AuthN) Authorization (AuthZ) Error Handling, Logging, and Monitoring Exercises CHAPTER 5: Common Pitfalls OWASP Defenses and Vulnerabilities Not Previously Covered Race Conditions Closing Comments Exercises
4 Part II: What You Should Do to Create Very Good Code CHAPTER 6: Testing and Deployment Testing Your Code Testing Your Application Testing Your Infrastructure Testing Your Database Testing Your APIs and Web Services Testing Your Integrations Testing Your Network Deployment Exercises CHAPTER 7: An AppSec Program Application Security Program Goals Application Security Activities Application Security Tools CHAPTER 8: Securing Modern Applications and Systems APIs and Microservices Online Storage Containers and Orchestration Serverless Infrastructure as Code (IaC) Security as Code (SaC) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Continuous Integration/Delivery/Deployment Dev(Sec)Ops The Cloud Cloud Workflows Modern Tooling Modern Tactics Summary Exercises
5 Part III: Helpful Information on How to Continue to Create Very Good Code CHAPTER 9: Good Habits Password Management Multi-Factor Authentication Incident Response Fire Drills Continuous Scanning Technical Debt Inventory Other Good Habits Summary Exercises CHAPTER 10: Continuous Learning What to Learn Take Action Exercises Learning Plan CHAPTER 11: Closing Thoughts Lingering Questions Conclusion
6 APPENDIX A: ResourcesIntroduction Chapter 1: Security Fundamentals Chapter 2: Security Requirements Chapter 3: Secure Design Chapter 4: Secure Code Chapter 5: Common Pitfalls Chapter 6: Testing and Deployment Chapter 7: An AppSec Program Chapter 8: Securing Modern Applications and Systems Chapter 9: Good Habits Chapter 10: Continuous Learning
7 APPENDIX B: Answer Key Chapter 1: Security Fundamentals Chapter 2: Security Requirements Chapter 3: Secure Design Chapter 4: Secure Code Chapter 5: Common Pitfalls Chapter 6: Testing and Deployment Chapter 7: An AppSec Program Chapter 8: Securing Modern Applications and Systems Chapter 9: Good Habits Chapter 10: Continuous Learning
8 Index
9 End User License Agreement
List of Illustrations
1 Introduction Figure I-1: System Development Life Cycle (SDLC) Figure I-2: Shifting/Pushing Left
2 Chapter 1 Figure 1-1: The CIA Triad is the reason IT Security teams exist. Figure 1-2: Confidentiality: keeping things safe Figure 1-3: Integrity means accuracy. Figure 1-4: Resilience improves availability. Figure 1-5: Three layers of security for an application; an example of defens... Figure 1-6: A possible supply chain for Bob’s doll house Figure 1-7: Example of an application calling APIs and when to authenticate
3 Chapter 2 Figure 2-1: The System Development Life Cycle (SDLC) Figure 2-2: Data classifications Bob uses at workFigure 2-3: Forgotten password flowchartFigure 2-4: Illustration of a web proxy intercepting web traffic
4 Chapter 3Figure 3-1: The System Development Life Cycle (SDLC)Figure 3-2: Flaws versus bugsFigure 3-3: Approximate cost to fix security bugs and flaws during the SDLCFigure 3-4: Pushing leftFigure 3-5: Using a web proxy to circumvent JavaScript validationFigure 3-6: Example of very basic attack tree for a run-tracking mobile app
5 Chapter 4Figure 4-1: Input validation flowchart for untrusted dataFigure 4-2: Session management flow example
6 Chapter 5Figure 5-1: CRSF flowchartFigure 5-2: SSRF flowchart
7 Chapter 6Figure 6-1: Continuous Integration/Continuous Delivery (CI/CD)
8 Chapter 7Figure 7-1: Security activities added to the SDLC
9 Chapter 8Figure 8-1: Simplified microservice architectureFigure 8-2: Microservice architecture with API gatewayFigure 8-3: Infrastructure as Code workflowFigure 8-4: File integrity monitoring and application control tooling at work...
Guide
1 Cover
2 Table of Contents
3 Begin Reading
Pages
1 iii
2 xxi
3 xxii
4 xxiii
5 xxiv
6 1
7 3
8 4
9 5
10 6
11 7
12 8
13 9
14 10
15 11
16 12
17 13
18 14
19 15
20 16
21 17
22 18
23 19
24 20
25 21
26 22
27 23
28 24
29 25
30 26
31 27
32 28
33 29
34 30
35 31
36 32
37 33
38 34
39 35
40 36
41 37
42 38
43 39
44 40
45 41
46 42
47 43
48 44
49 45
50 46
51 47
52 48
53 49
54 50
55 51
56 52
57 53
58 54
59 55
60 56
61 57
62 58
63 59
64 60
65 61
66 62
67 63
68 65
69 66
70 67
71 68
72 69
73 70
74 71
75 72
76 73
77 74
78 75
79 76
80 77
81 78
82 79
83 80
84 81
85 82
86 83
87 84
88 85
89 86
90 87
91 88
92 89
93 90
94 91
95 92
96 93
97 94
98 95
99 96
100 97
101 98
102 99
103 100
104 101
105 102
106 103
107 104
108 105
109 106
110 107
111 108
112 109
113 110
114 111
115 112
116 113
117 114
118 115
119 116
120 117
121 119
122 121
123 122
124 123
125 124
126 125
127 126
128 127
129 128
130 129
131 130
132 131
133 132
134 133
135 134
136 135
137 136
138 137
139 138
140 139
141 140
142 141
143 142
144 143
145 144
146 145
147 146
148 147
149 148
150 149
151 150
152 151
153 152
154 153
155 154
156 155
157 156
158 157
159 158
160 159
161 160
162 161
163 162
164 163
165 164
166 165
167 166
168 167
169 168
170 169
171 170
172 171
173 172
174 173
175 174
176 175
177 176
178 177
179 178
180 179
181 180
182 181
183 182
184 183
185 184
186 185
187 186
188 187
189 188
190 189
191 190
192 191
193 193
194 195
195 196
196 197
197 198
198 199
199 200
200 201
201 202
202 203
203 204
204 205
205 206
206 207
207 208
208 209
209 210
210 211
211 212
212 213
213 214
214 215
215 216
216 217
217 218
218 219
219 220
220 221
221 222
222 223
223 225
224 226
225 227
226 228
227 229
228 230
229 231
230 233
231 234
232 235
233 236
234 237
235 238
236 239
Читать дальшеИнтервал:
Закладка:
Похожие книги на «Alice and Bob Learn Application Security»
Представляем Вашему вниманию похожие книги на «Alice and Bob Learn Application Security» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.
Обсуждение, отзывы о книге «Alice and Bob Learn Application Security» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.