Agile Application Security: Enabling Security in a Continuous Delivery Pipeline
Publisher: O'Reilly Media
Final Release Date: November 2016
Pages: 300

As the fastest growing, most commonly adopted development lifecycle, agile software development enables organizations to react quickly to rapidly changing customer requirements and market conditions without heavy capital investment or long delays. But many people in the software industry believe that this finely tuned balance of processes, patterns, and practices is difficult to integrate with traditional security management techniques. With this practical guide, you'll learn a range of security tools and techniques specifically adapted to integrate with agile development. These practices aim to bridge the divide between these two worlds and bring security confidence and consciousness without compromising innovation, flexibility, and speed.

Chapter 1 Agile Security
Chapter 2 Agile Precursors
Chapter 3 Getting Started with Security
Chapter 4 Welcome to the Agile Revolution

Title: Agile Application Security
By: Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird
Publisher: O'Reilly Media

Pages: 300 (est.)
Print ISBN: 978-1-4919-3884-3 | ISBN 10: 1-4919-3884-6
Early Release Ebook ISBN: 978-1-4919-3902-4 | ISBN 10: 1-4919-3902-8

Laura Bell
Laura Bell is the founder and lead consultant for SafeStack, a security training, development, and consultancy firm. Laura is a software developer and penetration tester specializing in the management of information and application security risk within start-up and agile organizations. Over the past decade she has held a range of security and development roles and experienced first-hand the challenges of developing performant, scalable, and secure systems. Historically, the security function of an organization has been separate from the technical innovators; however, Laura educates clients and audiences that in modern business this no longer works. Developers and implementers want to be empowered to understand their own security risk and address it.

Michael Brunton-Spall
Michael Brunton-Spall is the lead security architect for Government Technology, Government Digital Service, a service in the Cabinet Office of the UK Government. He helps set and assess security standards and advises on building secure services within government. He works as a consulting architect with a variety of government departments, helping them understand and implement Agile, DevOps, service operation, and modern web architectures. Previously, Michael has worked in the news industry, the gaming industry, the finance industry, and the gambling industry.

Rich Smith
Rich Smith, Director of Security Engineering at Etsy, leads a fearless band of cyber-guardians in defending Etsy's members, sellers, and knitted goods from the evils of the Interwebs. Prior to his role at Etsy, Rich co-founded Syndis, Iceland’s premier technical security consultancy, where he continues to be an advisor and board member.

Jim Bird
Jim Bird is a CTO, software development manager, and project manager with more than 20 years of experience in financial services technology. He has worked with stock exchanges, central banks, clearinghouses, securities regulators, and trading firms in more than 30 countries. He is currently the CTO of a major US-based institutional alternative trading system.
Jim has been working in Agile and DevOps environments in financial services for several years. His first experience with incremental and iterative ("step-by-step") development was back in the early 1990s, when he worked at a West Coast tech firm that developed, tested, and shipped software in monthly releases to customers around the world—he didn't realize how unique that was at the time. Jim is active in the DevOps and AppSec communities, is a contributor to the Open Web Application Security Project (OWASP), and occasionally helps out as an analyst for the SANS Institute.