Development
Date: October 26, 2021
Categories: Resources
Development in the context of cybersecurity refers to the process of creating, testing, and deploying secure software and applications. This involves the use of secure coding practices, such as input validation, error handling, and security testing, to prevent the introduction of vulnerabilities and weaknesses into the software. Cybersecurity development also includes the use of tools and techniques, such as code analysis and security testing, to detect and address potential security issues early in the development process. The goal of cybersecurity development is to deliver software that is secure and resilient against cyber threats, thereby protecting both the users of the software and the organizations that develop and deploy it.
- The API Security in Action book covers a wide range of topics in API security, including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. It is currently available in early access, with the final release expected in the summer of 2020. The book is continuously published, ensuring that readers have access to the latest information and best practices.
- The Secure by Design book focuses on identifying design patterns and coding styles that can help reduce the risk of security vulnerabilities. It provides practical tips and strategies for developers to create more secure applications from the start. The book is also available in early access, with the final release expected in the fall of 2017.
- The Understanding API Security free eBook sampler provides a comprehensive overview of API security and how it works in the real world. It offers a clear and concise explanation of how APIs are put together and how the OAuth protocol can be used to protect them.
- The OAuth 2 in Action book teaches the practical use and deployment of OAuth 2 from three different perspectives: a client, an authorization server, and a resource server. It provides hands-on examples and real-world scenarios to help readers understand how to implement OAuth 2 in their own projects.
- The OWASP ZAP Node API allows developers to leverage the OWASP Zed Attack Proxy (ZAP) within their Node.js applications. It provides an easy-to-use interface to access the full range of ZAP's security testing and scanning capabilities.
- GuardRails provides security feedback on Pull Requests, making it easier for developers to catch potential security vulnerabilities before they make it into production. GuardRails integrates directly with GitHub, providing automated security checks and feedback within the development workflow.
- The Checkov static analysis tool is specifically designed for infrastructure as code (Terraform). It scans Terraform code for potential security vulnerabilities, misconfigurations, and compliance issues, helping organizations to reduce the risk of security breaches.
- The TFSec static analysis tool is also designed for infrastructure as code (Terraform). It provides a comprehensive security analysis of Terraform code, helping organizations to identify and remediate potential security vulnerabilities.
- The KICS tool scans infrastructure as code (IaC) projects for security vulnerabilities, compliance issues, and infrastructure misconfigurations. It currently supports Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
- Insider CLI, an open-source Static Application Security Testing (SAST) tool, is written in Go and supports Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and JavaScript (Node.js). It provides a fast and efficient way to identify potential security vulnerabilities in application code.
- Full Stack Python Security, a comprehensive guide to cybersecurity for Python developers, covers a wide range of topics, from secure coding practices to protecting against common threats like SQL injection and cross-site scripting.
- Making Sense of Cyber Security is a jargon-free, practical guide, perfect for anyone looking to understand the key concepts, terminology, and technologies of cybersecurity. Whether you're planning or implementing a security strategy, this guide will provide a clear and concise overview of the field. The final release is expected in early 2022 and it is available in early access.