Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Crafting Secure Software
  • Table Of Contents Toc
Crafting Secure Software

Crafting Secure Software

By : Greg Bulmash, Thomas Segura
5 (1)
Buy this Book
close
close
Crafting Secure Software

Crafting Secure Software

5 (1)
By: Greg Bulmash, Thomas Segura
Buy this Book

Overview of this book

Drawing from GitGuardian's extensive experience in securing millions of lines of code for organizations worldwide, Crafting Secure Software takes you on an exhaustive journey through the complex world of software security and prepares you to face current and emerging security challenges confidently. Authored by security experts, this book provides unique insights into the software development lifecycle (SDLC) and delivers actionable advice to help you mitigate and prevent risks. From securing code-writing tools and secrets to ensuring the integrity of the source code and delivery pipelines, you’ll get a good grasp on the threat landscape, uncover best practices for protecting your software, and craft recommendations for future-proofing against upcoming security regulations and legislation. By the end of this book, you’ll have gained a clear vision of the improvements needed in your security posture, along with concrete steps to implement them, empowering you to make informed decisions and take decisive action in safeguarding your software assets.
Table of Contents (11 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
Conventions used
Icon
Get in touch
Icon
Download a free PDF copy of this book
Lock Free Chapter
1
Chapter 1: Introduction to the Security Landscape
Icon
Chapter 1: Introduction to the Security Landscape
Icon
The evolving application security landscape
Icon
Supply chain attack case: SolarWinds
Icon
Where GitGuardian stands in the landscape
Icon
Summary
2
Chapter 2: The Software Supply Chain and the SDLC
Icon
Chapter 2: The Software Supply Chain and the SDLC
Icon
What is the software supply chain?
Icon
Common supply chain attack vectors and defenses
Icon
Threat modeling
Icon
Risk assessment
Icon
Real-world SSC attacks
Icon
Summary
3
Chapter 3: Securing Your Code-Writing Tools
Icon
Chapter 3: Securing Your Code-Writing Tools
Icon
Securing your IDE
Icon
Securing your VCS and SCM
Icon
Securing built-in CI/CD tools
Icon
Benefits and dangers of LLM-generated code
Icon
Summary
4
Chapter 4: Securing Your Secrets
Icon
Chapter 4: Securing Your Secrets
Icon
What are secrets?
Icon
Secrets in code
Icon
Secrets in tools
Icon
Secrets in artifacts
Icon
The importance of identity and access management (IAM)
Icon
Summary
5
Chapter 5: Securing Your Source Code
Icon
Chapter 5: Securing Your Source Code
Icon
Package managers and repositories
Icon
Testing SAST, DAST, and SCA
Icon
Creating and reading an SBOM
Icon
Think like a hacker: Ethical hacking
Icon
Summary
6
Chapter 6: Securing Your Delivery
chevron up
Icon
Chapter 6: Securing Your Delivery
Icon
What are build pipelines?
Icon
Securing build pipelines
Icon
Securing containers and artifacts
Icon
Securing deployments
Icon
Proactively detecting and rotating exposed secrets
Icon
Summary
7
Chapter 7: Security Compliance and Certification
Icon
Chapter 7: Security Compliance and Certification
Icon
What are legislators and regulators concerned about?
Icon
What are they demanding, and how can you address it?
Icon
Security frameworks
Icon
Proving you’re taking the right steps: Certification
Icon
Summary
8
Chapter 8: Best Practices to Drive Security Buy-In
Icon
Chapter 8: Best Practices to Drive Security Buy-In
Icon
Best practices to create a robust security defense
Icon
ROI in cybersecurity
Icon
Success stories
Icon
Summary
9
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Download a free PDF copy of this book
1
Appendix: Glossary of Acronyms and Abbreviations: Index
Icon
Appendix: Glossary of Acronyms and Abbreviations: Index
Icon
Why subscribe?

Securing Your Delivery

We have now arrived at the final step in building secure software—the secure assemblage and delivery of your code. In recent years, the SDLC has seen a major revolution in the way organizations produce and deliver modern software—the rise of DevOps, powered in large part, thanks to the new capacities offered by the cloud. Combined with the rise of the Agile methodology, this has allowed efforts to focus on applying automation to key stages of the SDLC. The result is a faster, higher-quality development cycle, leading to much higher value delivered to end users.

That said, software delivery is a complex process that presents its own risks. Events such as the massive breach at Equifax and the more recent SolarWinds incident have shown that even established companies with advanced security practices are susceptible to attacks.

In this chapter, we will focus on the final step of the SDLC, which involves continuous integration and continuous delivery...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Crafting Secure Software
End of Section 6
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon