Mark S. Merkow, CISSP, CISM, CSSLP works at PayPal Inc. (an eBay company) in Scottsdale, Arizona, as Manager of Information Security Policies, Standards, Training, and Awareness in the Information Risk Management area. Mark has more than 35 years of experience in information technology in a variety of roles, including applications development, systems analysis and design, security engineering, and security management. Mark holds a masters degree in decision and info systems from Arizona State University (ASU), a masters of education in distance learning from ASU, and an undergraduate degree in computer info systems from ASU. In addition to his day job, Mark engages in a number of other extracurricular activities, including consulting, course development, online course delivery, and writing columns and books on information technology and information security. Mark has authored or coauthored ten books on IT and is a contributing editor on four others. Mark remains very active within the information security community, working in a variety of roles for the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Services Technology Consortium (FSTC), and the Financial Services Sector Coordinating Council (FSCCC) on Homeland Security and Critical Infrastructure Protection. He is the chairman of the Education Committee for the FS-ISAC and is a founding member of the Research and Development Committee of the FSSCC. Lakshmikanth Raghavan, CISM, CRISC (Laksh) works at PayPal Inc. (an eBay company) as Staff Information Security Engineer in the Information Risk Management area, specializing in application security. Laksh has more than ten years of experience in the areas of information security and information risk management, and has provided consulting services to Fortune 500 companies and financial services companies around the world. Laksh holds a bachelor's degree in electronics and telecommunication engineering from the University of Madras, India. He enjoys writing security-related articles and has spoken on the various dimensions of software security at industry forums and security conferences. This is Laksh's second book.
It's hard to imagine a more difficult and less well-understood challenge than developing secure and resilient software. This book is full of useful insights and practical advice from two authors who have lived this process. What you get is a tactical application security roadmap that cuts through the noise and is immediately applicable to your projects. What's really unique is the way that the book links together different standards to illuminate security across the entire software development process. You'll learn how security evolves from threats to security requirements, through security services like OWASP ESAPI, into security architecture, and then into security testing and analysis leveraging OWASP ASVS. Highly recommended for anyone who cares about the future of the world's software. -Jeff Williams, CEO of Aspect Security & Volunteer Chair of the OWASP Foundation