Practical Security for Agile and DevOps

Mark S. Merkow (Technical Security Strategy, Scottsdale, Arizona, USA)

$336

Hardback

Not in-store but you can order this
How long will it take?

Availability Information

We source books from suppliers in Australia and overseas. For books we don't currently have in stock, the time it takes to get them from our suppliers can vary widely - from a few days to a few months - so we check each book with each supplier to determine the expected time it will take to be supplied to us.

We then advise you accordingly. If the time taken to get any book is too long for you, you can let us know and we will cancel or adjust your order, and refund as required.

To find out the anticipated arrival time for specific items prior to ordering, please contact us by phone or email:

Phone +61 2 9264 3111, or 1800 4 BOOKS (1800 4 26657) if outside Sydney:
option 1 Abbey's Bookshop (Crime, History, Science, Kids & more) • info@abbeys.com.au
option 2 Language Book Centre (ESL & Foreign Languages) • language@abbeys.com.au
option 3 Galaxy Bookshop (Sci-fi, Fantasy, Romance, Graphic Novels) • sf@galaxybooks.com.au

QTY:

English

Auerbach
14 February 2022

Legal aspects of computing; Software Engineering; Computer security; Network management; Computer science

This textbook was written from the perspective of someone who began his software security career in 2005, long before the industry began focusing on it. This is an excellent perspective for students who want to learn about securing application development. After having made all the rookie mistakes, the author realized that software security is a human factors issue rather than a technical or process issue alone. Throwing technology into an environment that expects people to deal with it but failing to prepare them technically and psychologically with the knowledge and skills needed is a certain recipe for bad results.

Practical Security for Agile and DevOps is a collection of best practices and effective implementation recommendations that are proven to work. The text leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security that is useful to professionals. It is as much a book for students’ own benefit as it is for the benefit of their academic careers and organizations. Professionals who are skilled in secure and resilient software development and related tasks are in tremendous demand. This demand will increase exponentially for the foreseeable future. As students integrate the text’s best practices into their daily duties, their value increases to their companies, management, community, and industry.

The textbook was written for the following readers:

Students in higher education programs in business or engineering disciplines

AppSec architects and program managers in information security organizations

Enterprise architecture teams with a focus on application development

Scrum Teams including:

Scrum Masters

Engineers/developers

Analysts

Architects

Testers

DevOps teams

Product owners and their management

Project managers

Application security auditors

Agile coaches and trainers

Instructors and trainers in academia and private organizations

By: Mark S. Merkow (Technical Security Strategy Scottsdale Arizona USA)
Imprint: Auerbach
Country of Publication: United Kingdom
Dimensions: Height: 254mm, Width: 178mm,
Weight: 585g
ISBN: 9781032206479
ISBN 10: 1032206470
Pages: 210
Publication Date: 14 February 2022
Audience: College/higher education , General/trade , Primary , ELT Advanced
Format: Hardback
Publisher's Status: Active

Dedication. Contents. List of Figures and Tables. Preface. About the Author. Chapter 1: Today’s Software Development Practices Shatter Old Security Practices. Chapter 2: Deconstructing Agile and Scrum. Chapter 3: Learning Is FUNdamental! Chapter 4: Product Backlog Development—Building Security In. Chapter 5: Secure Design Considerations. Chapter 6: Security in the Design Sprint. Chapter 7: Defensive Programming. Chapter 8: Testing Part 1: Static Code Analysis. Chapter 9: Testing Part 2: Penetration Testing/Dynamic Analysis/IAST/RASP. Chapter 10: Securing DevOps. Chapter 11: Metrics and Models for AppSec Maturity. Chapter 12: Frontiers for AppSec. Chapter 13: AppSec Is a Marathon—Not a Sprint! Appendix A: Security Acceptance Criteria. Appendix B: Resources for AppSec. Appendix C: Answers to Chapter Quick Check Questions. Glossary. Index.

Mark S. Merkow, CISSP, CISM, CSSLP, works at HealthEquity, Inc., in Tempe, Arizona, helping to lead application and IT security architecture and engineering efforts in the office of the CISO. In addition to his day job, Mark is a faculty member at the University of Denver, where he works on developing and instructing online courses in topics across the Information Security spectrum, with a focus on secure software development. He also works as an advisor to the University of Denver’s Information and Computing Technology Curriculum Team for new course development and changes to the curriculum. Mark has over 40 years of experience in IT in a variety of roles, including application development, systems analysis and design, security engineering, and security management. Mark holds a Master of Science in Decision and Information Systems from Arizona State University (ASU), a Master of Education in Distance Education from ASU, and a Bachelor of Science in Computer Information Systems from ASU.