Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird

Security is a key component of all systems, but it’s especially important when developing and deploying an application. As organizations move from traditional development models to continuous delivery, it’s critical to ensure security is embedded in every stage of the process. In her book, Agile Application Security: Enabling Security in a Continuous Delivery Pipeline, Laura Bell outlines a security-centric approach to agile and DevOps practices.

Bell begins the book by providing readers with an understanding of DevOps and the fundamentals of security-oriented development. She demonstrates how traditional application security processes don’t align with the speed of agile development cycles, and outlines why it’s essential to have security embedded in every stage of a continuous delivery pipeline.

Bell then dives into specific approaches and techniques organizations can use to achieve this goal. She covers security testing tools, such as static and dynamic analysis. She also discusses governance models and how to integrate security into the overall DevOps pipeline.

Bell next turns to the specifics of security auditing and authorization processes. She emphasizes the need for developers to embrace the concept that security is everyone’s responsibility. She also explains how organizations can use automation to reduce manual labor and ensure security is built into existing best practices.

Finally, Bell examines how security can be managed at scale in large organizations. She outlines ways to ensure that applications remain secure no matter how quickly changes are implemented. She emphasizes governance principles and the importance of managing security across multiple teams.

Overall, Agile Application Security: Enabling Security in a Continuous Delivery Pipeline is an essential resource for organizations that want to understand the importance of security in a DevOps environment. Bell provides detailed guidance on how to incorporate security into existing best practices without significantly changing development or delivery processes. Organizations looking to increase their security posture should read this book to understand how to incorporate security into their continuous delivery pipelines.