Holistic InfoSec For Web Developers, Fascicle 1: VPS, Network, Cloud and Web Applications
This book is 70% complete
Last updated on 2017-07-24
About the Book
Fascicle 1 focusses on:
- VPS
- Networks
- Cloud
- Web Applications
Target finish for Fascicle 1 is early to mid of 2017.
Description
This book begins by taking the reader to the 30,000’ view, so you can start to see the entire security landscape. I then attempt to explain a very simple threat modelling approach that I believe Bruce Schneier created, called the Sensible Security Model (SSM). We take the learnings from the first chapter and apply them to lower levels. I detail how to set-up a security focussed distribution with all the tools and configuration options required for working through the book. We then walk through the Process and Practises that the attackers often execute, and we take the learnings from that and train the defenders on how they can bring the finding of defects from the most expensive place to the cheapest place, within your Sprint cycles. The rest of the book focusses on the specific areas addressed on the cover of this book.
Purpose
My intention with “Holistic Info-Sec for Web Developers” is in many ways to help you answer your own questions and show you that creating systems and arming people to withstand the types of attacks commonly encounted today is not out of reach of mere mortals. That by simply lifting the lower hanging fruit for an attacker often means they will move on to an easier target. Unless they are specifically targeting you. In which case you should find many of the risks and countermeasures I address, effective for increasing the difficulty for your attacker, and thus dramatically increasing your chances of defence and counter-attack.
Bundles that include this book
About the Author
Senior Technology Architect / Engineer, Information Security Professional, Entrepreneur and the founder of binarymist.io. OWASP NZ Chapter Leader for Christchurch. Certified Scrum Master. Facilitator, mentor and motivator of cross functional, self managing teams. With a solid 15 years of commercial industry experience, Kim Carter Enjoys teaching others how to apply information security to their Agile processes, bringing the security focus up front where it's the cheapest to implement. Increasing profit and reducing costs. International trainer, speaker and published author focusing on
- Software and network architecture
- Web development and engineering
- Information security
Kim is also a regular blog poster at http://blog.binarymist.net. Kim loves designing and creating robust software and networks, breaking software and networks, then fixing them and helping organisations increase productivity.
About the Contributors
Editor
Technical Editor
The Leanpub Unconditional, No Risk, 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
