SecDevOps Risk Workflow
This book is 64% complete
Last updated on 2016-12-11
About the Book
This is a book about making developers more productive, embedding security practices into the SDL and ensuring that security risks are accepted and understood.
The focus is on the Dev part of SecDevOps, and on the challenges of creating Security Champions for all DevOps stages.
All content is released under an Creative Commons license (CC BY 3.0) and the GitHub repository Book_SecDevOps_Risk_Workflow contains all text, ideas and issues.
Based on real world applications of these ideas.
License
About the Author
Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform.
After many years (and multiple roles) Dinis is still very active at OWASP, currently leading the O2 Platform project and helping out other projects and initiatives.
After failing to scale his own security knowledge, learned Git, created security vulnerabilities in code published to production servers, delivered training to developers, and building multiple CI (Continuous Integration) environments; Dinis had the epiphany that the key to application security is "Secure Continuous Delivery: Developer’s Immediate Connection to What They’re Creating". This 'Immediate Connection/Feedback' concept is deep rooted in the development of the O2 Platform, and is something that will keep Dinis busy for many years.
Reader Testimonials
Elizabeth Lawler
CEO @ConjurInc
So good to see security issues represented a) in plain language and b) as feature which is non-confrontational!
Daniel Cuthbert
Co-author of the @OWASP ASVS standard
SecDevwhat? A great book on SecDevOps and why you should care.
The Leanpub Unconditional, No Risk, 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
