Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Crafting Secure Software

You're reading from   Crafting Secure Software An engineering leader's guide to security by design

Arrow left icon
Product type Paperback
Published in Sep 2024
Publisher Packt
ISBN-13 9781835885062
Length 156 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
GitGuardian SAS GitGuardian SAS
Author Profile Icon GitGuardian SAS
GitGuardian SAS
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Chapter 1: Introduction to the Security Landscape 2. Chapter 2: The Software Supply Chain and the SDLC FREE CHAPTER 3. Chapter 3: Securing Your Code-Writing Tools 4. Chapter 4: Securing Your Secrets 5. Chapter 5: Securing Your Source Code 6. Chapter 6: Securing Your Delivery 7. Chapter 7: Security Compliance and Certification 8. Chapter 8: Best Practices to Drive Security Buy-In 9. Other Books You May Enjoy Appendix: Glossary of Acronyms and Abbreviations: Index

What this book covers

Chapter 1, Introduction to the Security Landscape, explores the impact of DevOps and cloud computing on software security, highlighting new vulnerabilities. It discusses significant security incidents and their implications. Legislative impacts and strategies to mitigate risks are also covered. Understanding these challenges helps prepare for potential threats and regulatory changes.

Chapter 2, The Software Supply Chain and the SDLC, examines the role of the software supply chain in the SDLC, focusing on common attack vectors and defenses. It provides guidance on threat modeling tailored to organizational risk profiles. Real-world case studies, such as SolarWinds and Log4j, illustrate supply-chain attack impacts, which in turn helps build a robust security posture.

Chapter 3, Securing Your Code-Writing Tools, discusses securing integrated development environments (IDEs) and source code management (SCM) systems. It covers security considerations for IDE plugins and access controls, and details the risks of large language model (LLM)-generated code. This chapter also discusses strategies to integrate security tools within the development pipeline.

Chapter 4, Securing Your Secrets, highlights the risks of hardcoded secrets in code and other artifacts. It emphasizes best practices for secrets management and identity and access management (IAM). The chapter also discusses the role of automation in reducing human errors and strategies to secure potential attack surfaces, such as GitHub repositories.

Chapter 5, Securing Your Source Code, focuses on the security challenges related to source code and open source dependencies. It explains the importance of static application security testing (SAST) and software composition analysis (SCA). The creation of a software bill of materials (SBOM) for transparency is discussed.

Chapter 6, Securing Your Delivery, addresses the security aspects of build pipelines, containers, and deployment environments and details best practices to secure them. It also discusses the importance of securing configurations and monitoring tools and provides strategies for protecting infrastructure against attacks.

Chapter 7, Security Compliance and Certification, explores the legal responsibilities and regulatory frameworks for software security. It covers current and future legislation, compliance standards, and certification processes, along with practical guidance to achieve and maintain compliance. The chapter emphasizes demonstrating security measures to build trust with customers and regulators.

Chapter 8, Best Practices to Drive Security Buy-In, offers strategies to cultivate a security-conscious culture and secure stakeholder buy-in. It highlights the importance of risk assessments, effective communication, and showcasing the ROI of security initiatives. This chapter also includes real-world testimonials and success stories, and provides practical approaches to implement robust security measures.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime