If you’re just starting out as an application developer or you’re a seasoned developer looking for a good review guide, there’s a new book from Wiley titled “Alice and Bob Learn Application Security” to assist with learning about the fundamentals of application security.
Application security is more important than ever, with more vulnerabilities than ever being released to production in application code and an increasing number of attacks on web applications, including zero-day attacks.
Attacks on applications are the number one reason for data breaches, so ensuring applications make it to production with the fewest vulnerabilities possible is essential.
The book has three major parts. The first part covers writing code while taking security into account, including the topics of secure design, secure code, testing and release. The second part of the book focuses on testing and deployment, parts of the application development process that are essential to ensuring application security. The last part of the book provides tips to the developer on how to keep up good habits and continue building knowledge.
If you’re wondering about the title, “Alice and Bob Learn Application Security”, it’s because the book’s examples are described through the fictional characters of Alice and Bob, using them to explain issues and solutions.
This new book from Wiley may be just the thing you’re looking for if you’re a developer looking to get started with Application Security.
Here at K2 Cyber Security, we’d like to help out with your Application Security requirements. K2 offers an ideal runtime protection security solution that detects true zero-day attacks while generating the fewest false positives and alerts. Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation, and verifies that the API calls are functioning the way the code intended. There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has no false alerts.
K2’s technology can also be used with DAST testing tools to provide IAST results during penetration and vulnerability testing. We’ve also recently published a video, The Need for Deterministic Security. The video explains why the technologies used in today’s security tools, including web application firewalls (WAFs), fail to prevent zero-day attacks and how deterministic security fills the need for detecting zero-day attacks. The video covers why technologies like artificial intelligence, machine learning, heuristics, fuzzy logic, and pattern and signature matching fail to detect true zero-day attacks, giving very specific examples of attacks where these technologies work, and where they fail to detect an attack.
The video also explains why deterministic security works against true zero-day attacks and how K2 uses deterministic security. Watch the video now.
Change how you protect your applications: include RASP and check out K2’s application workload security.