Review: Alice & Bob Learn Application Security
Tanya Janca, founder of We Hack Purple, an online learning academy, community and podcast that teaches how to create secure software, is also known as SheHacksPurple and is co-founder of WoSEC: Women of Security. Besides having twenty years of experience in coding and working in IT, she has also worked as a pentester, CISO, and software developer. She is a prominent public speaker, blogger and streamer.
Alice & Bob Learn Application Security
This book starts with the warning that insecure software is the number one cause of data breaches. With that established, the reader's task is to learn how to make software secure.
The author has divided the book into three major parts.
In the first part (What you must know to write code safe enough to put on the internet) she lays out security fundamentals, then turns to security requirements, which form the basis of the System Development Life Cycle (SDLC). The other important phases are secure design, secure coding, testing and release.
She emphasizes the importance of following every single phase, since skipping any of them, or returning to them later, can make software development much harder and costlier.
She concludes this first part by discussing common pitfalls in software development, and by pointing out that it is not enough to check the OWASP Top Ten list when creating secure software – an overall defense strategy matters far more.
The second part of the book (What you should do to create very good code) focuses on testing and deployment, which are essential parts of the application building process. They make sure the application does what the client required, in a secure and reliable way. An essential part of this process is also having an application security program, which brings long-term benefits to the organization because it helps ensure that the organization produces truly secure software.
Equally important is keeping newly adopted technologies and applications secure as they are introduced.
The last part of the book (Helpful information on how to continue to create very good code) provides useful tips on how to keep good habits and continuously build knowledge.
Every chapter is enriched with practical examples, described through two fictional characters, Alice and Bob. The author puts them in various relatable situations and uses them to explain a particular issue, offering a solution which could easily be implemented in real life.
Every chapter also offers exercise questions that are useful for revising your newly gained knowledge or re-examining what you already know.
Who is it for?
Alice & Bob Learn Application Security is aimed at software developers, infosec pros and anyone who wishes to learn more about application security. The language is technical yet simple and clear, and the stories included make it a really fun book to read.
Most importantly, the book gives essential and useful information on how to create applications in a secure way, making sure your clients get exactly what they were looking for.