Application Security Podcast

AppSec Recommendations

March 9, 2018

Show Notes

Chris and Robert go over a plethora of recommendations they have accumulated over their years of experience in the industry.

Chris’s Recommendations

1. Book: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

by Laura Bell (Author), Michael Brunton-Spall (Author), Rich Smith (Author), Jim Bird (Author)

https://amzn.com/1491938846

2. Website: Iron Geek

Adrian Crenshaw records many major, non-commercial security conferences and posts the talks to YouTube.

http://www.irongeek.com/

3. Book: The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations

by Gene Kim (Author), Patrick Debois (Author), John Willis (Author), Jez Humble (Author)

https://amzn.com/1942788002

4. News Source: The Register

A news site with great sources and a bit of British humor attached to technology failures.

http://www.theregister.co.uk/security/

5. Blog: TechBeacon

https://www.techbeacon.com

6. Book: Threat Modeling: Designing for Security

by Adam Shostack (Author)

https://amzn.com/1118809998

7. Book: The Tangled Web: A Guide to Securing Modern Web Applications

by Michal Zalewski (Author)

https://amzn.com/B006FZ3UNI

8. Book: Start with Why: How Great Leaders Inspire Everyone to Take Action

by Simon Sinek (Author)

Not a security book, but a good approach for those trying to change a security culture.

https://amzn.com/B002Q6XUE4

Robert’s Recommendations

1. Books by Martin Fowler (Author)

He has written many books on understanding architecture.

https://martinfowler.com/books/

2. Book: Software Security: Building Security In

by Gary McGraw (Author)

http://a.co/5EIlu4h

3. Book: Core Software Security: Security at the Source

by James Ransome (Author) and Anmol Misra (Author)

http://a.co/hEwCflz

4. Book: Threat Modeling: Designing for Security

by Adam Shostack (Author)

https://amzn.com/1118809998

5. Websites: Troy Hunt

https://www.troyhunt.com/

https://haveibeenpwned.com/

6. Conferences: #AppSec USA, B-Sides, Source, Converge

https://2018.appsecusa.org/

http://www.securitybsides.com

https://sourceconference.com/

https://www.convergeconference.org/

7. Website: Google Alerts

Use this to be notified about specific topics you want to learn about.

https://www.google.com/alerts

8. Book: The Checklist Manifesto: How to Get Things Right

by Atul Gawande (Author)

http://a.co/dirHpwq

9. Book: Securing Systems: Applied Security Architecture and Threat Models

by Brook S. E. Schoenfield (Author)

http://a.co/hiRVTOf

10. Book: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis

by Tony UcedaVelez (Author) and Marco M. Morana (Author)

http://a.co/hwbZtX1
