
Awesome Product Security

Articles

Ryan McGeehan: Building a Product Security Team (2015)
David Wachtfogel: AppSec: Where InfoSec meets ProdSec (2018)
lcamtuf: Getting product security engineering right (2018)
Julian Cohen: Product Security Framework (2018)
Leif Dreizler: Shifting Engineering Right: What security engineers can learn from DevSecOps (2021)
Kelly Shortridge: The Security Obstructionism (SecObs) Market (2022)

White papers

SANS: Corporate vs. Product Security (2013)

Training

SecDim - Learn AppSec the fun way

Talks

Astha Singhal: Product Security lessons from Incident Response (2020)

Books

The Art of Software Security Assessment (2007)
The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software, and teaches through extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications.

Agile Application Security (2017)
Agile continues to be the most widely adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques, and most security professionals lack hands-on understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.

Securing DevOps (2018)
Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product.

DevSecOps (2020)
A structured approach to integrating security capabilities into your engineering process is an essential requirement for producing secure software without compromising the integrity of the DevOps framework.

Alice and Bob Learn Application Security (2020)
Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate security best practices into software development from the beginning of the System Development Life Cycle. The book covers the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures.

Security Engineering (2020)
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition, Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.

Designing Secure Software (2021)
Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.

Frameworks

OWASP SAMM
SAMM provides an effective and measurable way for all types of organizations to analyze and improve their software security posture.

BSIMM
Building Security In Maturity Model (BSIMM) helps organizations plan, implement, and measure their software security initiatives.

See also

paragonie/awesome-appsec
TaptuIT/awesome-devsecops