Agile Application Security

Enabling Security in a Continuous Delivery Pipeline

Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren’t up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development. Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.

You’ll learn how to:
- Add security practices to each stage of your existing development lifecycle
- Integrate security with planning, requirements, design, and at the code level
- Include security testing as part of your team’s effort to deliver working software in each release
- Implement regulatory compliance in an agile or DevOps environment
- Build an effective security program through a culture of empathy, openness, transparency, and collaboration

Agile Processes in Software Engineering and Extreme Programming

11th International Conference, XP 2010, Trondheim, Norway, June 1-4, 2010, Proceedings

This book contains the refereed proceedings of the 11th International Conference on Agile Software Development, XP 2010, held in Trondheim, Norway, in June 2010. In order to better evaluate the submitted papers and to highlight the applicational aspects of agile software practices, there were two different program committees, one for research papers and one for experience reports. Regarding the research papers, 11 out of 39 submissions were accepted as full papers; and as far as the experience reports were concerned, the respective number was 15 out of 50 submissions. In addition to these papers, this volume also includes the short research papers, the abstracts of the posters, the position papers of the PhD symposium, and the abstracts of the panel on “Collaboration in an Agile World”.

Continuous Delivery in Java

Essential Tools and Best Practices for Deploying Code to Production

Continuous delivery adds enormous value to the business and the entire software delivery lifecycle, but adopting this practice means mastering new skills typically outside of a developer’s comfort zone. In this practical book, Daniel Bryant and Abraham Marín-Pérez provide guidance to help experienced Java developers master skills such as architectural design, automated quality assurance, and application packaging and deployment on a variety of platforms. Not only will you learn how to create a comprehensive build pipeline for continually delivering effective software, but you’ll also explore how Java application architecture and deployment platforms have affected the way we rapidly and safely deliver new software to production environments.

- Get advice for beginning or completing your migration to continuous delivery
- Design architecture to enable the continuous delivery of Java applications
- Build application artifacts including fat JARs, virtual machine images, and operating system container (Docker) images
- Use continuous integration tooling like Jenkins, PMD, and find-sec-bugs to automate code quality checks
- Create a comprehensive build pipeline and design software to separate the deploy and release processes
- Explore why functional and system quality attribute testing is vital from development to delivery
- Learn how to effectively build and test applications locally and observe your system while it runs in production

Agile Application Lifecycle Management

Using DevOps to Drive Process Improvement

Integrate Agile ALM and DevOps to Build Better Software and Systems at Lower Cost

Agile Application Lifecycle Management (ALM) is a comprehensive development lifecycle that embodies essential Agile principles and guides all activities needed to deliver successful software or systems. Agile ALM embodies Agile Configuration Management (CM) and much more. Flexible and robust, it offers “just enough process” to get the job done and leverages DevOps to enhance interactions among all participants. Agile Application Lifecycle Management offers practical advice and strategies for implementing Agile ALM in your complex environment. Leading experts Bob Aiello and Leslie Sachs show how to fully leverage Agile benefits without sacrificing structure, traceability, or repeatability. You’ll find realistic guidance for managing source code, builds, environments, change control, releases, and more. The authors help you support Agile in organizations that maintain traditional practices; conventional ALM systems; or siloed, non-Agile teams. They also show how to scale Agile ALM to large or distributed teams, and to environments from cloud to mainframe.

Coverage includes:
- Understanding key concepts underlying modern application and system lifecycles
- Creating your best processes for developing your most complex software and systems
- Automating build engineering, continuous integration, and continuous delivery/deployment
- Enforcing Agile ALM controls without compromising productivity
- Creating effective IT operations that align with Agile ALM processes
- Gaining more value from testing and retrospectives
- Making ALM work in the cloud, and across the enterprise
- Preparing for the future of Agile ALM

Today, you need maximum control, quality, and productivity, and this guide will help you achieve those by using Agile ALM, CM, and DevOps together.

Secure, Resilient, and Agile Software Development

A collection of best practices and effective implementation recommendations that are proven to work, Secure, Resilient, and Agile Software Development leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security for practical people. Written to aid your career as well as your organization, the book shows how to gain skills in secure and resilient software development and related tasks. The book explains how to integrate these development skills into your daily duties, thereby increasing your professional value to your company, your management, your community, and your industry.

Secure, Resilient, and Agile Software Development was written for the following professionals:
- AppSec architects and program managers in information security organizations
- Enterprise architecture teams with application development focus
- Scrum teams
- DevOps teams
- Product owners and their managers
- Project managers
- Application security auditors

With a detailed look at Agile and Scrum software development methodologies, this book explains how security controls need to change in light of an entirely new paradigm on how software is developed. It focuses on ways to educate everyone who has a hand in any software development project with appropriate and practical skills to Build Security In. After covering foundational and fundamental principles for secure application design, this book dives into concepts, techniques, and design goals to meet well-understood acceptance criteria on features an application must implement. It also explains how the design sprint is adapted for proper consideration of security as well as defensive programming techniques. The book concludes with a look at white box application analysis and sprint-based activities to improve the security and quality of software under development.

The 7 Qualities of Highly Secure Software

The 7 Qualities of Highly Secure Software provides a framework for designing, developing, and deploying hacker-resilient software. It uses engaging anecdotes and analogies—ranging from Aesop’s fables, athletics, architecture, biology, nursery rhymes, and video games—to illustrate the qualities that are essential for the development of highly secure software. Each chapter details one of the seven qualities that can make your software highly secure and less susceptible to hacker threats.

Leveraging real-world experiences and examples, the book:
- Explains complex security concepts in language that is easy to understand for professionals involved in management, software development, and operations
- Specifies the qualities and skills that are essential for building secure software
- Highlights the parallels between the habits of effective people and qualities in terms of software security

Praise for the Book:

"This will be required reading for my executives, security team, software architects and lead developers." —David W. Stender, CISSP, CSSLP, CAP, CISO of the US Internal Revenue Service

"Developing highly secure software should be at the forefront of organizational strategy and this book provides a framework to do so." —Troy Leach, CTO, PCI Security Standards Council

"This book will teach you the core, critical skills needed to raise the security bar on the attackers and swing the game in your favor." —Michael Howard, Principal Cyber Security Program Manager, Microsoft

"As a penetration tester, my job will be a lot harder as people read this book!" —Kevin Johnson, Security Consultant, Secure Ideas

The Project Manager's Guide to Mastering Agile

Principles and Practices for an Adaptive Approach

Streamline project workflow with expert agile implementation

The Project Management Profession is beginning to go through rapid and profound transformation due to the widespread adoption of agile methodologies. Those changes are likely to dramatically change the role of project managers in many environments as we have known them and raise the bar for the entire project management profession; however, we are in the early stages of that transformation and there is a lot of confusion about the impact it has on project managers:
- There are many stereotypes and misconceptions that exist about both Agile and traditional plan-driven project management
- Agile and traditional project management principles and practices are treated as separate and independent domains of knowledge with little or no integration between the two and sometimes seen as in conflict with each other
- Agile and "Waterfall" are thought of as two binary, mutually-exclusive choices and companies sometimes try to force-fit their business and projects to one of those extremes when the right solution is to fit the approach to the project

It’s no wonder that many Project Managers might be confused by all of this! This book will help project managers unravel a lot of the confusion that exists; develop a totally new perspective to see Agile and traditional plan-driven project management principles and practices in a new light as complementary to each other rather than competitive; and learn to develop an adaptive approach to blend those principles and practices together in the right proportions to fit any situation. There are many books on Agile and many books on traditional project management but what’s very unique about this book is that it takes an objective approach to help you understand the strengths and weaknesses of both of those areas to see how they can work synergistically to improve project outcomes in any project.

The book includes discussion topics, real world case studies, and sample enterprise-level agile frameworks that facilitate hands-on learning as well as an in-depth discussion of the principles behind both Agile and traditional plan-driven project management practices to provide a more thorough level of understanding.

Modeling and Simulation Support for System of Systems Engineering Applications

“...a much-needed handbook with contributions from well-chosen practitioners. A primary accomplishment is to provide guidance for those involved in modeling and simulation in support of Systems of Systems development, more particularly guidance that draws on well-conceived academic research to define concepts and terms, that identifies primary challenges for developers, and that suggests fruitful approaches grounded in theory and successful examples.” Paul Davis, The RAND Corporation

Modeling and Simulation Support for System of Systems Engineering Applications provides a comprehensive overview of the underlying theory, methods, and solutions in modeling and simulation support for system of systems engineering. Highlighting plentiful multidisciplinary applications of modeling and simulation, the book uniquely addresses the criteria and challenges found within the field. Beginning with a foundation of concepts, terms, and categories, a theoretical and generalized approach to system of systems engineering is introduced, and real-world applications via case studies and examples are presented. A unified approach is maintained in an effort to understand the complexity of a single system as well as the context among other proximate systems.

In addition, the book features:
- Cutting edge coverage of modeling and simulation within the field of system of systems, including transportation, system health management, space mission analysis, systems engineering methodology, and energy
- State-of-the-art advances within multiple domains to instantiate theoretic insights, applicable methods, and lessons learned from real-world applications of modeling and simulation
- The challenges of system of systems engineering using a systematic and holistic approach
- Key concepts, terms, and activities to provide a comprehensive, unified, and concise representation of the field
- A collection of chapters written by over 40 recognized international experts from academia, government, and industry
- A research agenda derived from the contribution of experts that guides scholars and researchers towards open questions

Modeling and Simulation Support for System of Systems Engineering Applications is an ideal reference and resource for academics and practitioners in operations research, engineering, statistics, mathematics, modeling and simulation, and computer science. The book is also an excellent course book for graduate and PhD-level courses in modeling and simulation, engineering, and computer science.