The co-op bookstore for avid readers
Book Cover for: Crafting Secure Software: An engineering leader's guide to security by design, Greg Bulmash

Crafting Secure Software: An engineering leader's guide to security by design

Greg Bulmash

Gain a solid understanding of the threat landscape and discover best practices to protect your software factory throughout the SDLC, with valuable insights from security experts at GitGuardian

Key Features:

- Develop a strong security posture by grasping key attack vectors in the SDLC

- Implement industry-leading best practices to protect software from evolving threats

- Utilize legislative and regulatory landscapes to mitigate compliance-related costs

Book Description:

Drawing from GitGuardian's extensive experience in securing millions of lines of code for organizations worldwide, Crafting Secure Software takes you on an exhaustive journey through the complex world of software security and prepares you to face current and emerging security challenges confidently.

Authored by security experts, this book provides unique insights into the software development lifecycle (SDLC) and delivers actionable advice to help you mitigate and prevent risks. From securing code-writing tools and secrets to ensuring the integrity of the source code and delivery pipelines, you'll get a good grasp on the threat landscape, uncover best practices for protecting your software, and craft recommendations for future-proofing against upcoming security regulations and legislation.

By the end of this book, you'll have gained a clear vision of the improvements needed in your security posture, along with concrete steps to implement them, empowering you to make informed decisions and take decisive action in safeguarding your software assets.

What You Will Learn:

- Get to grips with security trends and GitGuardian's role in modern software

- Analyze major security breaches and their impact on the industry

- Develop a threat model tailored to your business and risk appetite

- Implement security measures across your entire SDLC

- Secure secrets within codebases, configurations, and artifacts

- Design and maintain secure build pipelines and deployment setups

- Navigate security compliance, including current and future laws

- Prepare for future security with AI-generated code integration

Who this book is for:

This book is an essential read for security and IT leaders navigating the complexities of modern software development. The book is also useful for chief security officers (CSOs), chief information security officers (CISOs), security architects, DevOps professionals, and IT decision makers. A basic understanding of software engineering, version control, and build and delivery mechanisms is needed. This guide will empower you to comprehend and mitigate threats in today's dynamic software factories, regardless of your technical depth.

Table of Contents

- Introduction to the Security Landscape

- The Software Supply Chain and the SDLC

- Securing Your Code-Writing Tools

- Securing Your Secrets

- Securing Your Source Code

- Securing Your Delivery

- Security Compliance and Certification

- Best Practices to Drive Security Buy-In

Book Details

  • Publisher: Packt Publishing
  • Publish Date: Sep 17th, 2024
  • Pages: 156
  • Language: English
  • Edition: undefined - undefined
  • Dimensions: 9.25in - 7.50in - 0.41in - 0.84lb
  • EAN: 9781835885062
  • Categories: Security - Cryptography & EncryptionInternet - Online Safety & Privacy

About the Author

Bulmash, Greg: - Greg Bulmash is a karaoke king who started blogging before "blog" was a word. He's picked up both developer certifications and press accreditations, been invited as a speaker to tech conferences on three continents and led a CoderDojo chapter that put on around 150 free STEM education events for Seattle area children. At GitGuardian, he's produced expert-oriented company blogs, externally placed articles, and cartoons for content marketing and thought leadership on cybersecurity best practices, secrets management, software supply chain security, cybersecurity legislation & regulation.
Segura, Thomas: - Thomas Segura is a seasoned technical writer and former DevOps engineer passionate about bridging the gap between security teams and developers. After developing microservices for smart grids at a major energy company, Thomas joined GitGuardian, a leading code security innovator, in 2021. As a technical content writer, he produces in-depth material on application and cloud security best practices. His notable works include the "State of Secrets Sprawl" report and the Secrets Management Maturity Model. Thomas's insights have been featured on Hacker News, DevOps, and HelpNetSecurity. Through his writing, he shapes the conversation around modern software security, emphasizing collaboration between development and security teams.