Agile Application Security

Enabling Security in a Continuous Delivery Pipeline

Author: Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird

Publisher: "O'Reilly Media, Inc."

ISBN: 1491938811

Category: Computers

Page: 386

Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren’t up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development. Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.

You’ll learn how to:

- Add security practices to each stage of your existing development lifecycle
- Integrate security with planning, requirements, design, and at the code level
- Include security testing as part of your team’s effort to deliver working software in each release
- Implement regulatory compliance in an agile or DevOps environment
- Build an effective security program through a culture of empathy, openness, transparency, and collaboration

Agile Processes in Software Engineering and Extreme Programming

11th International Conference, XP 2010, Trondheim, Norway, June 1-4, 2010, Proceedings

Author: Alberto Sillitti, Angela Martin, Xiaofeng Wang, Elizabeth Whitworth

Publisher: Springer Science & Business Media

ISBN: 3642130534

Category: Business & Economics

Page: 418

This book contains the refereed proceedings of the 11th International Conference on Agile Software Development, XP 2010, held in Trondheim, Norway, in June 2010. In order to better evaluate the submitted papers and to highlight the applicational aspects of agile software practices, there were two different program committees, one for research papers and one for experience reports. Regarding the research papers, 11 out of 39 submissions were accepted as full papers; and as far as the experience reports were concerned, the respective number was 15 out of 50 submissions. In addition to these papers, this volume also includes the short research papers, the abstracts of the posters, the position papers of the PhD symposium, and the abstracts of the panel on “Collaboration in an Agile World”.

Continuous Delivery in Java

Essential Tools and Best Practices for Deploying Code to Production

Author: Daniel Bryant, Abraham Marín-Pérez

Publisher: "O'Reilly Media, Inc."

ISBN: 1491985976

Category: Computers

Page: 482

Continuous delivery adds enormous value to the business and the entire software delivery lifecycle, but adopting this practice means mastering new skills typically outside of a developer’s comfort zone. In this practical book, Daniel Bryant and Abraham Marín-Pérez provide guidance to help experienced Java developers master skills such as architectural design, automated quality assurance, and application packaging and deployment on a variety of platforms. Not only will you learn how to create a comprehensive build pipeline for continually delivering effective software, but you’ll also explore how Java application architecture and deployment platforms have affected the way we rapidly and safely deliver new software to production environments.

- Get advice for beginning or completing your migration to continuous delivery
- Design architecture to enable the continuous delivery of Java applications
- Build application artifacts including fat JARs, virtual machine images, and operating system container (Docker) images
- Use continuous integration tooling like Jenkins, PMD, and find-sec-bugs to automate code quality checks
- Create a comprehensive build pipeline and design software to separate the deploy and release processes
- Explore why functional and system quality attribute testing is vital from development to delivery
- Learn how to effectively build and test applications locally and observe your system while it runs in production

Future-Proof Software Systems

A Sustainable Evolution Strategy

Author: Frank J. Furrer

Publisher: Springer

ISBN: 3658199385

Category: Computers

Page: 395

Software is a key success factor for products and services. The tremendous impact of software on all areas of our work, life, and on society is undisputed and is growing every day. The software community has a strong responsibility to produce and operate dependable, trustworthy and useful software. The software should at the same time provide business value and guarantee a number of quality of service properties, such as security, safety, performance, maintainability etc. In this book, this objective is achieved by using:

- An adequate strategy: “Managed Evolution”
- The engineering best practice: “Principle-Based Architecting”

Managed Evolution is based on a stepwise, risk-controlled, integrated approach leading to future-proof software-systems, i.e. to sustainable, viable and dependable software-systems. In principle-based architecting, a set of enforceable architecture principles is formulated and applied during each evolution cycle of the software-system. This book provides a set of good engineering practices for the development of future-proof software-systems.

The 7 Qualities of Highly Secure Software

Author: Mano Paul

Publisher: CRC Press

ISBN: 146656654X

Category: Computers

Page: 160

The 7 Qualities of Highly Secure Software provides a framework for designing, developing, and deploying hacker-resilient software. It uses engaging anecdotes and analogies—ranging from Aesop’s fables, athletics, architecture, biology, nursery rhymes, and video games—to illustrate the qualities that are essential for the development of highly secure software. Each chapter details one of the seven qualities that can make your software highly secure and less susceptible to hacker threats. Leveraging real-world experiences and examples, the book:

- Explains complex security concepts in language that is easy to understand for professionals involved in management, software development, and operations
- Specifies the qualities and skills that are essential for building secure software
- Highlights the parallels between the habits of effective people and qualities in terms of software security

Praise for the Book:

This will be required reading for my executives, security team, software architects and lead developers. —David W. Stender, CISSP, CSSLP, CAP, CISO of the US Internal Revenue Service

Developing highly secure software should be at the forefront of organizational strategy and this book provides a framework to do so. —Troy Leach, CTO, PCI Security Standards Council

This book will teach you the core, critical skills needed to raise the security bar on the attackers and swing the game in your favor. —Michael Howard, Principal Cyber Security Program Manager, Microsoft

As a penetration tester, my job will be a lot harder as people read this book! —Kevin Johnson, Security Consultant, Secure Ideas

Agile and Lean Service-Oriented Development: Foundations, Theory, and Practice

Foundations, Theory, and Practice

Author: Wang, Xiaofeng

Publisher: IGI Global

ISBN: 146662504X

Category: Computers

Page: 312

Challenges in unpredictable markets, changing customer requirements, and advancing information technologies have led to progression towards service-oriented engineering and agile and lean software development. These prevailing approaches to software systems provide solutions to challenges in demanding business environments. Agile and Lean Service-Oriented Development: Foundations, Theory and Practice explores the groundwork of service-oriented and agile and lean development and the conceptual basis and experimental evidence for the combination of the two approaches. Highlighting the best tools and guidelines for these developments in practice, this book is essential for researchers and practitioners in the software development and service computing fields.

Building the Agile Database

How to Build a Successful Application Using Agile Without Sacrificing Data Management

Author: Larry Burns

Publisher: Technics Publications

ISBN: 1634620232

Category: Computers

Page: 276

Is fast development the enemy of good development? Not necessarily. Agile development requires that databases are designed and built quickly enough to meet fast-paced delivery schedules — but in a way that also delivers maximum business value and reuse. How can these requirements both be satisfied? This book, suitable for practitioners at all levels, will explain how to design and build enterprise-quality high-value databases within the constraints of an Agile project. Starting with an overview of the business case for good data management practices, the book defines the various stakeholder groups involved in the software development process, explains the economics of software development (including “time to market” vs. “time to money”), and describes an approach to Agile database development based on the five PRISM principles. This book explains how to work with application developers and other stakeholders, examines critical issues in Agile Development and Data Management, and describes how developers and data professionals can work together to make Agile projects successful while delivering maximum value data to the enterprise. Building the Agile Database will serve as an excellent reference for application developers, data managers, DBAs, project managers, Scrum Masters and IT managers looking to get more value from their development efforts.

Among the topics covered:

1. Why Agile is more than just the latest development fad
2. The critical distinction between the logical and physical views of data
3. The importance of data virtualization, and how to achieve it
4. How to eliminate the “object-relational impedance mismatch”
5. The difference between logical modeling and physical design
6. Why databases are more than “persistence engines”
7. When and how to do logical modeling and physical design
8. Use of the logical data model in model-driven development
9. Refactoring made easier
10. Developing an “Agile Attitude”