Table of Contents

  1. Developing a Security Plan

    1. Chapter 1 Defining the Application Environment

      1. Specifying Web Application Threats
      2. Understanding Software Security Assurance (SSA)
      3. Delving into Language-Specific Issues
      4. Considering Endpoint Defense Essentials
      5. Dealing with Cloud Storage
      6. Using External Code and Resources
      7. Allowing Access by Others
    2. Chapter 2 Embracing User Needs and Expectations

      1. Developing a User View of the Application
      2. Considering Bring Your Own Device (BYOD) Issues
      3. Devising Password Alternatives
      4. Focusing on User Expectations
    3. Chapter 3 Getting Third-Party Assistance

      1. Discovering Third-Party Security Solutions
      2. Considering Cloud Security Solutions
      3. Choosing Between Product Types
  2. Applying Successful Coding Practices

    1. Chapter 4 Developing Successful Interfaces

      1. Assessing the User Interface
      2. Providing Controlled Choices
      3. Choosing a User Interface Solution Level
      4. Validating the Input
      5. Expecting the Unexpected
    2. Chapter 5 Building Reliable Code

      1. Differentiating Reliability and Security
      2. Developing Team Protocols
      3. Creating a Lessons Learned Feedback Loop
      4. Considering Issues of Packaged Solutions
    3. Chapter 6 Incorporating Libraries

      1. Considering Library Uses
      2. Differentiating Between Internally Stored and Externally Stored Libraries
      3. Defining the Security Threats Posed by Libraries
      4. Incorporating Libraries Safely
      5. Differentiating Between Libraries and Frameworks
    4. Chapter 7 Using APIs with Care

      1. Differentiating Between APIs and Libraries
      2. Extending JavaScript Using APIs
      3. Defining the Security Threats Posed by APIs
      4. Accessing APIs Safely from JavaScript
    5. Chapter 8 Considering the Use of Microservices

      1. Defining Microservices
      2. Making Microservice Calls Using JavaScript
      3. Defining the Security Threats Posed by Microservices
      4. Creating Alternate Microservice Paths
  3. Creating Useful and Efficient Testing Strategies

    1. Chapter 9 Thinking Like a Hacker

      1. Defining a Need for Web Security Scans
      2. Building a Testing System
      3. Defining the Most Common Breach Sources
      4. Testing in a BYOD Environment
      5. Relying on User Testing
      6. Using Outside Security Testers
    2. Chapter 10 Creating an API Safety Zone

      1. Understanding the Concept of an API Safety Zone
      2. Defining the Need for an API Safety Zone
      3. Developing with an API Sandbox
      4. Considering Virtual Environments
    3. Chapter 11 Checking Libraries and APIs for Holes

      1. Creating a Testing Plan
      2. Testing Libraries and APIs Individually
      3. Performing Integration Testing
      4. Testing for Language-Specific Issues
    4. Chapter 12 Using Third-Party Testing

      1. Locating Third-Party Testing Services
      2. Creating a Testing Plan
      3. Implementing a Testing Plan
      4. Using the Resulting Reports
  4. Implementing a Maintenance Cycle

    1. Chapter 13 Clearly Defining Upgrade Cycles

      1. Developing a Detailed Upgrade Cycle Plan
      2. Creating an Upgrade Testing Schedule
      3. Moving an Upgrade to Production
    2. Chapter 14 Considering Update Options

      1. Differentiating Between Upgrades and Updates
      2. Determining When to Update
      3. Updating Language Suites
      4. Performing Emergency Updates
      5. Creating an Update Testing Schedule
    3. Chapter 15 Considering the Need for Reports

      1. Using Reports to Make Changes
      2. Creating Internal Reports
      3. Relying on Externally Generated Reports
      4. Providing for User Feedback
  5. Locating Security Resources

    1. Chapter 16 Tracking Current Security Threats

      1. Developing Sources for Security Threat Information
      2. Avoiding Information Overload
      3. Creating a Plan for Upgrades Based on Threats
      4. Creating a Plan for Updates Based on Threats
    2. Chapter 17 Getting Required Training

      1. Creating an In-House Security Training Plan
      2. Obtaining Third-Party Training for Developers
      3. Ensuring Users Are Security Aware