Crafting Secure Software: An engineering leader's guide to security by design

Bulmash, Greg, Segura, Thomas

  • 出版商: Packt Publishing
  • 出版日期: 2024-09-12
  • 售價: $2,350
  • 貴賓價: 9.5$2,233
  • 語言: 英文
  • 頁數: 156
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1835885063
  • ISBN-13: 9781835885062
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Gain a solid understanding of the threat landscape and discover best practices to protect your software factory throughout the SDLC, with valuable insights from security experts at GitGuardian

Key Features:

- Develop a strong security posture by grasping key attack vectors in the SDLC

- Implement industry-leading best practices to protect software from evolving threats

- Utilize legislative and regulatory landscapes to mitigate compliance-related costs

Book Description:

Drawing from GitGuardian's extensive experience in securing millions of lines of code for organizations worldwide, Crafting Secure Software takes you on an exhaustive journey through the complex world of software security and prepares you to face current and emerging security challenges confidently.

Authored by security experts, this book provides unique insights into the software development lifecycle (SDLC) and delivers actionable advice to help you mitigate and prevent risks. From securing code-writing tools and secrets to ensuring the integrity of the source code and delivery pipelines, you'll get a good grasp on the threat landscape, uncover best practices for protecting your software, and craft recommendations for future-proofing against upcoming security regulations and legislation.

By the end of this book, you'll have gained a clear vision of the improvements needed in your security posture, along with concrete steps to implement them, empowering you to make informed decisions and take decisive action in safeguarding your software assets.

What You Will Learn:

- Get to grips with security trends and GitGuardian's role in modern software

- Analyze major security breaches and their impact on the industry

- Develop a threat model tailored to your business and risk appetite

- Implement security measures across your entire SDLC

- Secure secrets within codebases, configurations, and artifacts

- Design and maintain secure build pipelines and deployment setups

- Navigate security compliance, including current and future laws

- Prepare for future security with AI-generated code integration

Who this book is for:

This book is an essential read for security and IT leaders navigating the complexities of modern software development. The book is also useful for chief security officers (CSOs), chief information security officers (CISOs), security architects, DevOps professionals, and IT decision makers. A basic understanding of software engineering, version control, and build and delivery mechanisms is needed. This guide will empower you to comprehend and mitigate threats in today's dynamic software factories, regardless of your technical depth.

Table of Contents

- Introduction to the Security Landscape

- The Software Supply Chain and the SDLC

- Securing Your Code-Writing Tools

- Securing Your Secrets

- Securing Your Source Code

- Securing Your Delivery

- Security Compliance and Certification

- Best Practices to Drive Security Buy-In

商品描述(中文翻譯)

獲得對威脅環境的深入了解,並發現保護您的軟體工廠在整個軟體開發生命週期(SDLC)中的最佳實踐,並從 GitGuardian 的安全專家那裡獲得寶貴的見解。

主要特點:
- 通過掌握 SDLC 中的主要攻擊向量,建立強大的安全姿態
- 實施行業領先的最佳實踐,以保護軟體免受不斷演變的威脅
- 利用立法和監管環境來減輕合規相關的成本

書籍描述:
本書根據 GitGuardian 在為全球組織保護數百萬行代碼方面的豐富經驗,帶您深入探索軟體安全的複雜世界,並幫助您自信地面對當前和新興的安全挑戰。

由安全專家撰寫,本書提供了對軟體開發生命週期(SDLC)的獨特見解,並提供可行的建議,幫助您減輕和預防風險。從保護代碼編寫工具和秘密到確保源代碼和交付管道的完整性,您將深入了解威脅環境,揭示保護軟體的最佳實踐,並制定針對未來安全法規和立法的建議。

在本書結束時,您將清楚了解在安全姿態中所需的改進,以及實施這些改進的具體步驟,使您能夠做出明智的決策並採取果斷行動來保護您的軟體資產。

您將學到的內容:
- 理解安全趨勢及 GitGuardian 在現代軟體中的角色
- 分析主要的安全漏洞及其對行業的影響
- 制定適合您業務和風險承受能力的威脅模型
- 在整個 SDLC 中實施安全措施
- 保護代碼庫、配置和工件中的秘密
- 設計和維護安全的構建管道和部署設置
- 瞭解安全合規性,包括當前和未來的法律
- 為未來的安全做好準備,整合 AI 生成的代碼

本書適合對象:
本書是安全和 IT 領導者在現代軟體開發複雜性中導航的必讀書籍。該書對首席安全官(CSO)、首席資訊安全官(CISO)、安全架構師、DevOps 專業人員和 IT 決策者也非常有用。需要對軟體工程、版本控制以及構建和交付機制有基本了解。本指南將使您能夠理解和減輕當今動態軟體工廠中的威脅,無論您的技術深度如何。

目錄:
- 安全環境介紹
- 軟體供應鏈與 SDLC
- 保護您的代碼編寫工具
- 保護您的秘密
- 保護您的源代碼
- 保護您的交付
- 安全合規性與認證
- 驅動安全認同的最佳實踐