0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Crafting Secure Software

You're reading from Crafting Secure Software An engineering leader's guide to security by design

Product type Paperback

Published in Sep 2024

Publisher Packt

ISBN-13 9781835885062

Length 156 pages

Edition 1st Edition

Tools

GitHub

Concepts

Application Security

Author (1):

GitGuardian SAS

View More author details

Table of Contents (11) Chapters

Preface

1. Chapter 1: Introduction to the Security Landscape

2. Chapter 2: The Software Supply Chain and the SDLC FREE CHAPTER

3. Chapter 3: Securing Your Code-Writing Tools

4. Chapter 4: Securing Your Secrets

5. Chapter 5: Securing Your Source Code

6. Chapter 6: Securing Your Delivery

7. Chapter 7: Security Compliance and Certification

8. Chapter 8: Best Practices to Drive Security Buy-In

9. Other Books You May Enjoy

Appendix: Glossary of Acronyms and Abbreviations: Index

Why subscribe?

Risk assessment

While threat modeling is a technical activity that is more objective in nature, using risk assessment is more subjective and tied to your priorities, needs, and sensitivities.

Integrating risk assessment to rank the threats

Risk assessment takes two main vectors into account—likelihood and damage:

Likelihood: How likely is the threat to manifest? This takes into account how prized the result will be to an attacker and how easily they could get that result given your current defenses.
Damage: What would be the actual impact if an attacker successfully manifested the threat? Would it create additional threats? Would it expose anything of value to theft or discovery?

An example of a common threat is an automated “bot” filling out and submitting a form to register as a website user.

For example, a decade ago, it was easy for people to buy tens of thousands of followers on social media sites to make themselves look influential...

You have been reading a chapter from

Crafting Secure Software

Published in: Sep 2024

Publisher: Packt

ISBN-13: 9781835885062

© 2024 Packt Publishing Limited All Rights Reserved

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Greg Bulmash

Greg Bulmash

Greg Bulmash is a karaoke king who started blogging before “blog” was a word. He's picked up both developer certifications and press accreditations, been invited as a speaker to tech conferences on three continents and led a CoderDojo chapter that put on around 150 free STEM education events for Seattle area children. At GitGuardian, he's produced expert-oriented company blogs, externally placed articles, and cartoons for content marketing and thought leadership on cybersecurity best practices, secrets management, software supply chain security, cybersecurity legislation & regulation.

See other products by Greg Bulmash

Thomas Segura

Thomas Segura

Thomas Segura is a seasoned technical writer and former DevOps engineer passionate about bridging the gap between security teams and developers. After developing microservices for smart grids at a major energy company, Thomas joined GitGuardian, a leading code security innovator, in 2021. As a technical content writer, he produces in-depth material on application and cloud security best practices. His notable works include the "State of Secrets Sprawl" report and the Secrets Management Maturity Model. Thomas's insights have been featured on Hacker News, DevOps, and HelpNetSecurity. Through his writing, he shapes the conversation around modern software security, emphasizing collaboration between development and security teams.

See other products by Thomas Segura

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m