Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn’t integrated well with traditional security management techniques. And most security professionals aren’t up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development. Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.

Book contents:

  1. Getting Started with Security

  2. Agile Enablers

  3. Welcome to the Agile Revolution

  4. Working with Your Existing Agile Life Cycle

  5. Security and Requirements

  6. Agile Vulnerability Management

  7. Risk for Agile Teams

  8. Threat Assessments and Understanding Attacks

  9. Building Secure and Usable Systems

  10. Code Review for Security

  11. Agile Security Testing

  12. External Reviews, Testing, and Advice

  13. Operations and OpSec

  14. Compliance

  15. Security Culture

  16. What Does Agile Security Mean?