Crafting secure software : an engineering leader's guide to security by design
Citations
Bulmash, G., & Segura, T. (2024). Crafting secure software: an engineering leader's guide to security by design (First edition). Packt Publishing Ltd.
Chicago / Turabian - Author Date Citation, 17th Edition: Bulmash, Greg, and Thomas Segura. 2024. Crafting Secure Software: An Engineering Leader's Guide to Security By Design. Birmingham, UK: Packt Publishing Ltd.
Chicago / Turabian - Humanities (Notes and Bibliography) Citation, 17th Edition: Bulmash, Greg, and Thomas Segura. Crafting Secure Software: An Engineering Leader's Guide to Security By Design. Birmingham, UK: Packt Publishing Ltd, 2024.
Harvard Citation: Bulmash, G. and Segura, T. (2024). Crafting secure software: an engineering leader's guide to security by design. First edn. Birmingham, UK: Packt Publishing Ltd.
MLA Citation, 9th Edition: Bulmash, Greg, and Thomas Segura. Crafting Secure Software: An Engineering Leader's Guide to Security By Design. First edition, Packt Publishing Ltd., 2024.
Staff View
Grouping Information
| Field | Value |
|---|---|
| Grouped Work ID | 69d9d9cf-cacb-70d0-4f1b-3a462c16c24e-eng |
| Full title | crafting secure software an engineering leaders guide to security by design |
| Author | bulmash greg |
| Grouping Category | book |
| Last Update | 2025-04-23 03:41:00AM |
| Last Indexed | 2025-05-22 03:20:35AM |
Book Cover Information
| Field | Value |
|---|---|
| Image Source | syndetics |
| First Loaded | Feb 16, 2025 |
| Last Used | Feb 16, 2025 |
Marc Record
| Field | Value |
|---|---|
| First Detected | Dec 16, 2024 11:30:32 PM |
| Last File Modification Time | Dec 17, 2024 08:39:33 AM |
| Suppressed | Record had no items |
MARC Record
| Tag | Ind1 | Ind2 | Content |
|---|---|---|---|
| LEADER | | | 05888cam a22005177i 4500 |
| 001 | | | on1456987368 |
| 003 | | | OCoLC |
| 005 | | | 20241217082859.0 |
| 006 | | | m o d |
| 007 | | | cr cnu\|\|\|unuuu |
| 008 | | | 240924s2024 enka ob 000 0 eng d |
| 019 | | | \|a 1456056179\|a 1456542026 |
| 020 | | | \|a 1835885063 |
| 020 | | | \|a 9781835885062 |
| 020 | | | \|a 1835885071\|q (electronic bk.) |
| 020 | | | \|a 9781835885079\|q (electronic bk.) |
| 035 | | | \|a (OCoLC)1456987368\|z (OCoLC)1456056179\|z (OCoLC)1456542026 |
| 037 | | | \|a 9781835885062\|b O'Reilly Media |
| 037 | | | \|a 10769313\|b IEEE |
| 040 | | | \|a ORMDA\|b eng\|e rda\|e pn\|c ORMDA\|d ORMDA\|d OCLCO\|d EBLCP\|d OCLCQ\|d OCLKB\|d YDX\|d OCLCQ\|d IEEEE |
| 049 | | | \|a MAIN |
| 050 | 4 | | \|a QA76.758 |
| 082 | 0 | 4 | \|a 005.1\|2 23/eng/20240924 |
| 100 | 1 | | \|a Bulmash, Greg,\|e author. |
| 245 | 1 | 0 | \|a Crafting secure software :\|b an engineering leader's guide to security by design /\|c Greg Bulmash, Thomas Segura. |
| 250 | | | \|a First edition. |
| 264 | 1 | | \|a Birmingham, UK :\|b Packt Publishing Ltd.,\|c 2024. |
| 300 | | | \|a 1 online resource (156 pages) :\|b illustrations |
| 336 | | | \|a text\|b txt\|2 rdacontent |
| 337 | | | \|a computer\|b c\|2 rdamedia |
| 338 | | | \|a online resource\|b cr\|2 rdacarrier |
| 505 | 0 | | \|a Cover -- Table of Contents -- Preface -- Chapter 1: Introduction to the Security Landscape -- The evolving application security landscape -- Security awareness -- Regulatory compliance and legal considerations -- Who are the threat actors? -- Supply chain attack case: SolarWinds -- Where GitGuardian stands in the landscape -- Summary -- Chapter 2: The Software Supply Chain and the SDLC -- What is the software supply chain? -- What is the software development life cycle? -- The intersection of SDLC and SSC -- SDLC stages and SSC considerations -- Trustworthiness in the software supply chain |
| 505 | 8 | | \|a Common supply chain attack vectors and defenses -- Compromise of third-party components -- Supply chain poisoning via updates -- Insufficient security practices in development and operations -- Code repository tampering -- Threat modeling -- Decompose the application -- Determine and rank threats -- Risk assessment -- Integrating risk assessment to rank the threats -- Threat modeling and risk assessment: How do they differ? -- Real-world SSC attacks -- PHP: No harm, but foul -- 3CX: Compromised build servers deliver malware to hundreds of thousands -- Log4j: The undependable dependency |
| 505 | 8 | | \|a Left-pad: Many introduced to supply chain attacks -- Summary -- Chapter 3: Securing Your Code-Writing Tools -- Securing your IDE -- Issues with the IDE itself -- Issues with IDE plugins -- Use case: Hardening Visual Studio Code -- Securing your VCS and SCM -- Access and rights -- Integrating security tools -- Securing built-in CI/CD tools -- Be sure and intentional about "which" does "what" -- Use secrets management -- Mask confidential information -- Benefits and dangers of LLM-generated code -- IP concerns and lack of provenance -- Challenges and risks of using AI-generated code |
| 505 | 8 | | \|a Sensitive data leakage -- Summary -- Chapter 4: Securing Your Secrets -- What are secrets? -- One service, multiple secrets -- Secrets in code -- How do secrets end up in code? -- How do you detect secrets in code? -- How do you remediate a leaked secret? -- Common mistakes in remediating leaked secrets -- Considerations in the revoke and reissue workflow -- How do you prevent secrets in code? -- Secrets in tools -- How do secrets end up in tools? -- How do you detect secrets in tools? -- How do you remediate a leaked secret? -- How do you prevent secrets in tools? -- Secrets in artifacts |
| 505 | 8 | | \|a How do secrets end up in artifacts? -- How do you detect secrets in artifacts? -- How do you remediate a leaked secret? -- How do you prevent secrets in artifacts? -- The importance of identity and access management (IAM) -- Machine identities -- Summary -- Chapter 5: Securing Your Source Code -- Package managers and repositories -- How are they made vulnerable? -- Testing SAST, DAST, and SCA -- Why testing is important -- Understanding SAST -- Understanding DAST -- Understanding SCA -- Scanning for secrets -- Creating and reading an SBOM -- What is an SBOM, and why you need one -- SBOM formats |
| 520 | | | \|a Drawing from GitGuardian's extensive experience in securing millions of lines of code for organizations worldwide, Crafting Secure Software takes you on an exhaustive journey through the complex world of software security and prepares you to face current and emerging security challenges confidently. Authored by security experts, this book provides unique insights into the software development lifecycle (SDLC) and delivers actionable advice to help you mitigate and prevent risks. From securing code-writing tools and secrets to ensuring the integrity of the source code and delivery pipelines, you'll get a good grasp on the threat landscape, uncover best practices for protecting your software, and craft recommendations for future-proofing against upcoming security regulations and legislation. By the end of this book, you'll have gained a clear vision of the improvements needed in your security posture, along with concrete steps to implement them, empowering you to make informed decisions and take decisive action in safeguarding your software assets. |
| 590 | | | \|a O'Reilly\|b O'Reilly Online Learning: Academic/Public Library Edition |
| 650 | 0 | | \|a Software engineering\|x Security measures. |
| 700 | 1 | | \|a Segura, Thomas,\|e author. |
| 856 | 4 | 0 | \|u https://library.access.arlingtonva.us/login?url=https://learning.oreilly.com/library/view/~/9781835885062/?ar\|x O'Reilly\|z eBook |
| 938 | | | \|a ProQuest Ebook Central\|b EBLB\|n EBL31679604 |
| 938 | | | \|b OCKB\|z netlibrary.ebooks,d695e3e2-c0e7-4a3e-ab7f-ba19cd68f837-emi |
| 938 | | | \|a YBP Library Services\|b YANK\|n 21241233 |
| 994 | | | \|a 92\|b VIA |
| 999 | | | \|c 361316\|d 361316 |