3 Must-Read Books for Application Security Manager

Today we will talk about the books that are ‘a must’ for application security manager. This is my choice, but if you have other nominees for “appsec bestseller”, please, share in comments. So, let’s start!

1. Hackable: How to Do Application Security Right. Ted Harrington. Who will be first to find vulnerabilities in code of your application, you or the hacker? The book tells what works in securing an application and what doesn’t, how hackers exploit applications, or how much to spend. The reader will learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process.

2. Alice and Bob Learn Application Security Paperback. Tanya Janca. Here you will find best practices of SSDLC, the basic subjects like threat modelling and security testing and more advanced as well. All the information is presented in real-life examples, technical explanations and diagrams.

3. Securing DevOps: Security in the Cloud. Julien Vehent. The book is dedicated to security of cloud services. Via case studies it shows how to build security into automated testing, continuous delivery, and other core DevOps processes. I’m generally convinced that the most clear and applicable advices should be supported by practical examples. Therefore, I recommend these books.