Holistic Info-Sec for Web Developers

Kim Carter
December 2017
Book Series Landing Page Related Workshop

Abstract

The book series begins (in Fascicle 0) by taking the reader to the 30,000’ view, so you can start to see the entire security landscape. Kim then attempts to explain a very simple threat modelling approach that Bruce Schneier created, called the Sensible Security Model (SSM). Kim takes the learnings from the first chapter and applies them to lower levels. Kim details how to set-up a security focussed distribution with all the tools and configuration options required for working through the book series. He then walks through the Process and Practises that the attackers often execute, and we take the learnings from that and train the defenders on how they can bring the finding of defects from the most expensive place to the cheapest place, within your Sprint cycles.

The rest of the book series (Fascicle 1 and 2) focusses on the specific areas addressed on the covers of each book. Allowing your purple team to create security focussed product backlog items and insert them into your usual Product Backlog.

Kim also runs workshops based on the content of this book for development teams wishing to improve their security stature.

Type
Book
Publication
Self Hosted and LeanPub
publication book agile application-security arp-poisoning arp-spoof asic ath9k-htc atdd backups bcrypt bithound blowfish burp-suite capabilities captcha cipher cloud cloud-security control-groups cracking crypto cryptography csrf css cybersecurity debian dev-ops dev-sec-ops dmz docker dot-net dsniff eksblowfish encryption exim express field-programmable-gate-arrays filtering fire-wall forever fpga free-and-open-source freebsd ftp gnu-linux gpg gpu hacking hash-dump hashing hids hips hmac holistic-info-sec-for-web-developers hydra ids information-security infosec ips javascript kali kali-linux kdf key-derivation-function linux logging lsass lsm namespaces macof md5 metasploit mimikatz mitm monit morgan mta networking network-security nids nightly-build nips nmap nodejs nodemailer npm ntp operational-efficiencies ossec owasp owasp-top-10 owasp-zap passenger pbkdf2 penetration-testing pm2 people-security pgp physical-security posix power-shell prf ps pseudorandom-function reconnaissance relp requiresafe retirejs rsyslog safenuget salt sanitisation scp scrum scrypt seccomp secure-boot security security-weaknesses selenium serverless sha-1 sha-2 sha-256 sniffing software-security sql-injection ssh stdd stealth supervisor sys-admin syslog systemd sysvinit tcp tdd telnet test testing tls tl-wn722n udp uefi upstart validation virtualbox virtualisation vps vps-security waf wce web web-application web-application-security web-security wi-fi winston winston-syslog winston-syslog-posix wireless wireless-networking wireshark xss zap
Kim Carter
Kim Carter
Technologist / Engineer, Information Security Professional

Technologist / Engineer, Information Security Professional, Entrepreneur and the founder of BinaryMist Ltd and PurpleTeam-Labs. Ex OWASP NZ Chapter Leader of eight years. Certified Scrum Master. Facilitator, mentor and motivator of cross functional, self managing teams. With a solid 20 years of commercial industry experience across many domains.