You're reading from Crafting Secure Software An engineering leader's guide to security by design

Product type Paperback

Published in Sep 2024

Publisher Packt

ISBN-13 9781835885062

Length 156 pages

Edition 1st Edition

Tools

GitHub

Concepts

Application Security

Author (1):

GitGuardian SAS

View More author details

Table of Contents (11) Chapters

Preface

1. Chapter 1: Introduction to the Security Landscape

2. Chapter 2: The Software Supply Chain and the SDLC FREE CHAPTER

3. Chapter 3: Securing Your Code-Writing Tools

4. Chapter 4: Securing Your Secrets

5. Chapter 5: Securing Your Source Code

6. Chapter 6: Securing Your Delivery

7. Chapter 7: Security Compliance and Certification

8. Chapter 8: Best Practices to Drive Security Buy-In

9. Other Books You May Enjoy

Appendix: Glossary of Acronyms and Abbreviations: Index

Why subscribe?

What this book covers

Chapter 1, Introduction to the Security Landscape, explores the impact of DevOps and cloud computing on software security, highlighting new vulnerabilities. It discusses significant security incidents and their implications. Legislative impacts and strategies to mitigate risks are also covered. Understanding these challenges helps prepare for potential threats and regulatory changes.

Chapter 2, The Software Supply Chain and the SDLC, examines the role of the software supply chain in the SDLC, focusing on common attack vectors and defenses. It provides guidance on threat modeling tailored to organizational risk profiles. Real-world case studies, such as SolarWinds and Log4j, illustrate supply-chain attack impacts, which in turn helps build a robust security posture.

Chapter 3, Securing Your Code-Writing Tools, discusses securing integrated development environments (IDEs) and source code management (SCM) systems. It covers security considerations for IDE plugins and access controls, and details the risks of large language model (LLM)-generated code. This chapter also discusses strategies to integrate security tools within the development pipeline.

Chapter 4, Securing Your Secrets, highlights the risks of hardcoded secrets in code and other artifacts. It emphasizes best practices for secrets management and identity and access management (IAM). The chapter also discusses the role of automation in reducing human errors and strategies to secure potential attack surfaces, such as GitHub repositories.

Chapter 5, Securing Your Source Code, focuses on the security challenges related to source code and open source dependencies. It explains the importance of static application security testing (SAST) and software composition analysis (SCA). The creation of a software bill of materials (SBOM) for transparency is discussed.

Chapter 6, Securing Your Delivery, addresses the security aspects of build pipelines, containers, and deployment environments and details best practices to secure them. It also discusses the importance of securing configurations and monitoring tools and provides strategies for protecting infrastructure against attacks.

Chapter 7, Security Compliance and Certification, explores the legal responsibilities and regulatory frameworks for software security. It covers current and future legislation, compliance standards, and certification processes, along with practical guidance to achieve and maintain compliance. The chapter emphasizes demonstrating security measures to build trust with customers and regulators.

Chapter 8, Best Practices to Drive Security Buy-In, offers strategies to cultivate a security-conscious culture and secure stakeholder buy-in. It highlights the importance of risk assessments, effective communication, and showcasing the ROI of security initiatives. This chapter also includes real-world testimonials and success stories, and provides practical approaches to implement robust security measures.