Application Security Podcast

AppSec Recommendations

March 9, 2018

Show Notes

Chris and Robert go over a plethora of recommendations they have accumulated over their years of experience in the industry.

Chris’s recommendations

1. Book: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

by Laura Bell (Author), Michael Brunton-Spall (Author), Rich Smith (Author), Jim Bird (Author)

2. Website: Iron Geek

Adrian Crenshaw records many major, non-commercial security conferences and posts the talks to YouTube.

3. Book: The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations

by Gene Kim (Author), Patrick Debois (Author), John Willis (Author), Jez Humble (Author)

4. News Source: The Register

A news site with great sources and a bit of British humor attached to technology failures.

5. Blog: TechBeacon

6. Book: Threat Modeling: Designing for Security

by Adam Shostack (Author)

7. Book: The Tangled Web: A Guide to Securing Modern Web Applications

by Michal Zalewski (Author)

8. Book: Start with Why: How Great Leaders Inspire Everyone to Take Action

by Simon Sinek (Author)

Not a security book, but a good approach for those trying to change a security culture.

Robert’s Recommendations

1. Books by Martin Fowler (Author)

He wrote many books on understanding architecture.

2. Book: Software Security: Building Security In

by Gary McGraw (Author)

3. Book: Core Software Security: Security at the Source

by James Ransome (Author) and Anmol Misra (Author)

4. Book: Threat Modeling: Designing for Security

by Adam Shostack (Author)

5. Websites: Troy Hunt

6. Conferences: #AppSec USA, B-Sides, Source, Converge

7. Website: Google Alerts

Use this to be notified about specific topics you want to learn about.

8. Book: The Checklist Manifesto: How to Get Things Right

by Atul Gawande (Author)

9. Book: Securing Systems: Applied Security Architecture and Threat Models

by Brook S. E. Schoenfield (Author)

10. Book: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis

by Tony UcedaVelez (Author) and Marco M. Morana (Author)

