Agile Application Security: Enabling Security in a Continuous Delivery Pipeline
B**N
Look no further for a book on Secure SDLC - both for developers and security professionals alike...
This book could not have come at a better time. With the growing threats to critical infrastructure and IoT, which my company produces, guidance on how to practically integrate security into your SDLC is critical. I have read a few books that either get so into the weeds as to make the process unobtainable, or are so high level I leave without knowing what I need to do next to realize Secure SDLC. I presented to a large conference of ICS and IoT developers this week and quoted a few sections of Laura Bell and team's book. They have a very concise and understandable way of presenting and describing complex topics to make them manageable. The book does a great job of introducing the concepts of Secure SDLC to both developers and security professionals to equip them with the knowledge they need. I appreciated the If this, then that, flow in the beginning to help the reader self-classify as either a developer or security professional, then point them to which chapters they should start with. Really saved me some time and the sections were spot on in their content and guidance. Overall great book. I have earmarked quite a few pages and even had to get the highlighter out. Most of my development teams are more than likely going to purchase it...
J**D
Compliance and security in the Agile world
Good book that helps folks get a grip on the iterative nature of agile and how security professionals can engage successfully.
S**N
I recommend that readers start with Chapter 16 "What Does Agile ...
I'm hopeful that this book will become a handbook to agile development teams around the world seeking the opportunity to produce more secure code and improve their application security posture. I recommend that readers start with Chapter 16 "What Does Agile Security Mean" as it's great to get context from the authors first before jumping into the material of the book. The authors represented the honest struggle that application teams face day to day trying to make their applications more secure. Software has constant threats, whether it is poor design, software anti-patterns, unnecessarily exposed attack surfaces, insecure software libraries, etc... The authors took the time to emphasize the importance of building security into the build pipeline. Agile development teams should strive to achieve as much measured quality in their CI build pipeline. I happen to work with one of the software companies mentioned in the book. While my team is flattered to be referenced among many amazing companies, it's not my intention to write this review on my company's behalf. Rather, I want to commend the authors for putting out a great foundational resource for educating the agile development community about application security.
M**E
Great book for cyber security engineers who don’t have a software development background
This book is an excellent resource for cyber security engineers with an infrastructure background and limited coding experience. Very well laid out and at the right level. Contains many references, which will make for further reading.
J**G
Great Ideas that Help Get Security Done!
It is not often I read a book, and all the ideas and suggestions in it resonate well with me, and I want to read to the end, and I even make notes and follow the suggested articles. I think all the Security People, Developers, Scrum Master, Product Owners and Architects who are struggling to figure out how the various development processes under the Agile banner can work securely, should read and understand this book. It offers some excellent and practical ideas to base a good conversation about getting security done in an enabling, positive way. A great read, which I strongly recommend!
D**Y
Very good Agile security book!
Very good Agile security book! Recommend!
A**T
Very good book
Highly recommended.
H**B
A must read for everybody in security.
This book gives you that holistic view on information security in an agile environment. It is a collection of topics that are rarely covered in other books. The delivery is entertaining and clear. Although some of the tools mentioned are now outdated, the approaches are extremely useful even today.
P**A
Super interesting book!
I recommend this book for all infosec professionals who want to train themselves into Agile development, as well as for developers who want to learn more about Infosec!
J**N
Highly recommend this book for anyone wanting to better understand various ...
Highly recommend this book for anyone wanting to better understand various AppSec program components and understand how you can do AppSec in an Agile and/or DevOps environment.
A**E
Exactly as the title said
Interesting book, gives you a couple of useful ideas, although the first couple of chapters are not necessary for a dev. In case you are in operations, it might give you some insight into developer thinking and a way of organizing your work.
A**R
Five Stars
This book is amazing.