Alice and Bob Learn Application Security. Tanya Janca

Чтение книги онлайн.

Читать онлайн книгу Alice and Bob Learn Application Security - Tanya Janca страница 2

Alice and Bob Learn Application Security - Tanya Janca

Скачать книгу

Exercises

      5  Part III: Helpful Information on How to Continue to Create Very Good Code CHAPTER 9: Good Habits Password Management Multi-Factor Authentication Incident Response Fire Drills Continuous Scanning Technical Debt Inventory Other Good Habits Summary Exercises CHAPTER 10: Continuous Learning What to Learn Take Action Exercises Learning Plan CHAPTER 11: Closing Thoughts Lingering Questions Conclusion

      6  APPENDIX A: Resources Introduction Chapter 1: Security Fundamentals Chapter 2: Security Requirements Chapter 3: Secure Design Chapter 4: Secure Code Chapter 5: Common Pitfalls Chapter 6: Testing and Deployment Chapter 7: An AppSec Program Chapter 8: Securing Modern Applications and Systems Chapter 9: Good Habits Chapter 10: Continuous Learning

      7  APPENDIX B: Answer Key Chapter 1: Security Fundamentals Chapter 2: Security Requirements Chapter 3: Secure Design Chapter 4: Secure Code Chapter 5: Common Pitfalls Chapter 6: Testing and Deployment Chapter 7: An AppSec Program Chapter 8: Securing Modern Applications and Systems Chapter 9: Good Habits Chapter 10: Continuous Learning

      8  Index

      9  End User License Agreement

      List of Illustrations

      1 IntroductionFigure I-1: System Development Life Cycle (SDLC)Figure I-2: Shifting/Pushing Left

      2 Chapter 1Figure 1-1: The CIA Triad is the reason IT Security teams exist.Figure 1-2: Confidentiality: keeping things safeFigure 1-3: Integrity means accuracy.Figure 1-4: Resilience improves availability.Figure 1-5: Three layers of security for an application; an example of defens...Figure 1-6: A possible supply chain for Bob’s doll houseFigure 1-7: Example of an application calling APIs and when to authenticate

      3 Chapter 2Figure 2-1: The System Development Life Cycle (SDLC)Figure 2-2: Data classifications Bob uses at workFigure 2-3: Forgotten password flowchartFigure 2-4: Illustration of a web proxy intercepting web traffic

      4 Chapter 3Figure 3-1: The System Development Life Cycle (SDLC)Figure 3-2: Flaws versus bugsFigure 3-3: Approximate cost to fix security bugs and flaws during the SDLCFigure 3-4: Pushing leftFigure 3-5: Using a web proxy to circumvent JavaScript validationFigure 3-6: Example of very basic attack tree for a run-tracking mobile app

      5 Chapter 4Figure 4-1: Input validation flowchart for untrusted dataFigure 4-2: Session management flow example

      6 Chapter 5Figure 5-1: CRSF flowchartFigure 5-2: SSRF flowchart

      7 Chapter 6Figure 6-1: Continuous Integration/Continuous Delivery (CI/CD)

      8 Chapter 7Figure 7-1: Security activities added to the SDLC

      9 Chapter 8Figure 8-1: Simplified microservice architectureFigure 8-2: Microservice architecture with API gatewayFigure 8-3: Infrastructure as Code workflowFigure 8-4: File integrity monitoring and application control tooling at work...

      Guide

      1  Cover

      2 Table of Contents

      3  Begin Reading

Скачать книгу