Application Security Program Handbook by Derek Fisher;
Author:Derek Fisher; [Fisher, Derek]
Language: eng
Format: epub
Publisher: Simon & Schuster
Published: 0101-01-01T00:00:00+00:00
5.1.3 How to close the gap
So, what does this mean for an organization that wants to raise their security posture without having to hire a massive army of penetration testers, security engineers, and security architects? When you canât afford a car, but you need to drive to the store, find a friend who has one and borrow theirs.
Look for the helpers. You will always find people who are helping.
âFred Rogers
Getting anything done in application security usually means that you will be borrowing time from the resources in engineering or at least working with the product and engineering teams to jostle for space in their releases. In most cases you will want to make this as transparent and open as possible. Nothing drives a manager more crazy, me included, than their team getting pulled into tasks that are unrelated to the work they should be doing. However, security is everyoneâs responsibility, right? Itâs also the responsibility of the application security team to make sure that the engineering team understands what needs to be done and provides the most amount of support they can.
One approach to making this work is by engaging with the engineering leadership on a regular basis to ensure that priorities are aligned. This isnât just application security priorities, but also the priorities of the product. You will not advance security if you are bringing only your problems and needs to the table. Listening to the product team and the engineering team about their concerns with security and their pain points when it comes to balancing security with feature releases will go a long way. To effectively spread security in the engineering organization, you need to build a relationship that is developed with mutual trust and support in mind.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7792)
Grails in Action by Glen Smith Peter Ledbrook(7705)
Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 by Chris Gill(6667)
Azure Containers Explained by Wesley Haakman & Richard Hooper(6659)
Running Windows Containers on AWS by Marcio Morales(6183)
Kotlin in Action by Dmitry Jemerov(5076)
Microsoft 365 Identity and Services Exam Guide MS-100 by Aaron Guilmette(4968)
Combating Crime on the Dark Web by Nearchos Nearchou(4559)
Microsoft Cybersecurity Architect Exam Ref SC-100 by Dwayne Natwick(4441)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4426)
The Ruby Workshop by Akshat Paul Peter Philips Dániel Szabó and Cheyne Wallace(4223)
The Age of Surveillance Capitalism by Shoshana Zuboff(3964)
Python for Security and Networking - Third Edition by José Manuel Ortega(3795)
Learn Windows PowerShell in a Month of Lunches by Don Jones(3515)
The Ultimate Docker Container Book by Schenker Gabriel N.;(3464)
Mastering Python for Networking and Security by José Manuel Ortega(3362)
Learn Wireshark by Lisa Bock(3361)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3338)
Blockchain Basics by Daniel Drescher(3308)
