Security practitioners need to keep learning continuously just to keep pace with the ever-changing tactics of cyber criminals. That is one reason to keep an eye out for useful books that enhance and broaden our knowledge base. A recent article covered useful application security books available on Amazon. The article covers four books for application security, and together they span a wide range of topics, from traditional application security to penetration testing and DevOps.
The first recommended book is a true classic, “Web Application Security,” published by O’Reilly. O’Reilly is well known for publishing industry-standard reference books, and this is its title on web application security. The book is by Andrew Hoffman, Senior Security Engineer at Salesforce, and covers common web application vulnerabilities, critical application hacking techniques, developing and deploying customized exploits, mitigating hacking, and integrating secure coding best practices.
The second book on the list is specific to Azure environments: “Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments,” by Matt Burrough, an advanced intrusion tester with a bachelor’s degree in networking, security, and systems management and a master’s degree in computer science. While this book is written for Azure environments, even if you’re not an Azure shop there may be nuggets useful for other platforms as well, including standards and best practices.
The third book on the list is “The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws.” This book is in its second edition and is written by PortSwigger founder and CEO Dafydd Stuttard and application and database security expert Marcus Pinto. The book covers new technologies and techniques for protecting web applications from attacks and breaches.
The final book on the list is “Securing DevOps: Security in the Cloud” by Julien Vehent, security architect and DevOps advocate on Mozilla’s Firefox Operations Security team. It covers a continuous security approach using test-driven security, cloud service security technologies, and responding to incidents.
If you’re still looking for resources after reviewing this list, we have previously covered other valuable application security books, including a blog article on a new application security book and another blog article on seven cyber security books for your bookshelf.
Here at K2 Cyber Security, we’d like to help out with your RASP and IAST requirements. K2 offers an ideal runtime protection security solution that detects true zero-day attacks while at the same time generating the fewest false positives and alerts. Rather than relying on technologies like signatures, heuristics, fuzzy logic, machine learning, or AI, we use a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation and verifies that API calls are functioning the way the code intended. It makes no use of prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending and has no false alerts.
We’ve also recently published a video, The Need for Deterministic Security. The video explains why the technologies used in today’s security tools, including web application firewalls (WAFs), fail to prevent zero-day attacks, and how deterministic security fills the need for detecting them. It covers why technologies like artificial intelligence, machine learning, heuristics, fuzzy logic, and pattern and signature matching fail to detect true zero-day attacks, giving very specific examples of attacks where these technologies work and where they fail to detect an attack.
The video also explains why deterministic security works against true zero-day attacks and how K2 uses deterministic security. Watch the video now.
Change how you protect your applications: include RASP, and check out K2’s application workload security.