45 books like Agile Application Security

By Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird

Here are 45 books that Agile Application Security fans have personally recommended if you like Agile Application Security. Shepherd is a community of 10,000+ authors and super readers sharing their favorite books with the world.


Book cover of Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.

Why am I passionate about this?

Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.

Adam's book list on application security for builders

Why did Adam love this book?

This book captures lessons from many authors at Google, some of whom I’ve worked with over the years. The chapters on availability (7, 8, 9) were a revelation to me. I had no idea how Google approaches the topic of resilience and recovery in their systems, and I now think of the whole topic very differently. The biggest takeaway is how to think about the design of systems.

By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Adam Stubblefield

Why should I read it?

1 author picked Building Secure and Reliable Systems as one of their favorite books, and they share why you should read it.

What is this book about?

Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.

Two previous O'Reilly books from Google, Site Reliability Engineering and The Site Reliability Workbook, demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain…


Book cover of Designing Secure Software: A Guide for Developers

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.


Adam's book list on application security for builders

Why did Adam love this book?

Loren’s been contributing to security for over 40 years, and this book captures his hard-won wisdom in a way that’s both humble and accessible. It scales from principles and design approaches to in-depth explanations of exactly how things go wrong and how to avoid those problems. (Also, I was honored to write the foreword.)

By Loren Kohnfelder

Why should I read it?

1 author picked Designing Secure Software as one of their favorite books, and they share why you should read it.

What is this book about?

Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts. The second part, perhaps this book's most important contribution, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written…


Book cover of Leading Change

Kate Vitasek Author Of Vested: How P&G, McDonald's, and Microsoft are Redefining Winning in Business Relationships

From my list on creating successful business deals.

Why am I passionate about this?

I am an international authority for my award-winning research on the Vested® business model for highly collaborative relationships. I began my research in 2003 researching what makes a difference in successful strategic business deals. My day job is being the lead faculty and researcher for the University of Tennessee’s Certified Deal Architect program; my passion is helping organizations and individuals learn the art, science, and practice of crafting highly collaborative win-win strategic business relationships. My work has led to seven books and three Harvard Business Review articles. I’ve also shared my advice on CNN International, Bloomberg, NPR, and on Fox Business News.

Kate's book list on creating successful business deals

Why did Kate love this book?

You might ask why I am recommending a book on change management for a book list on structuring business deals. It is because anytime two organizations come together in a business deal, something will change within their organizations. All too often people rush to sign the deal and forget that there are often hundreds of critical changes behind the scenes that are needed for the deal to be a success long after the ink is dry. If you are structuring a big business deal, this book will help you think two steps ahead to lay the foundation so the organization can implement the changes needed.

By John P. Kotter

Why should I read it?

2 authors picked Leading Change as one of their favorite books, and they share why you should read it.

What is this book about?

The international bestseller, now with a new preface by author John Kotter. Millions worldwide have read and embraced John Kotter's ideas on change management and leadership. From the ill-fated dot-com bubble to unprecedented M&A activity to scandal, greed, and ultimately, recession, we've learned that widespread and difficult change is no longer the exception. It's the rule. Now with a new preface, this refreshed edition of the global bestseller Leading Change is more relevant than ever. John Kotter's now-legendary eight-step process for managing change with positive results has become the foundation for leaders and organizations across the globe. By outlining the process every…


Book cover of Flying Blind: The 737 Max Tragedy and the Fall of Boeing

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.


Adam's book list on application security for builders

Why did Adam love this book?

Boeing used to be a paragon of how engineering-driven companies could deliver amazing products and amazing profits. This book chronicles how that changed, and how Boeing lost its guiding principles. It shows how prioritizing the stock price over the business or the people who flew in its planes led to decisions that literally killed hundreds of people. Engineering concerns were regularly set aside for schedule or cost reasons. Most of us don’t work on products whose failures cause hundreds of deaths, but there’s an important lesson about being proud of the work you do and the products you deliver, and how that can make for a great business.

By Peter Robison

Why should I read it?

1 author picked Flying Blind as one of their favorite books, and they share why you should read it.

What is this book about?

NEW YORK TIMES BUSINESS BESTSELLER • A suspenseful behind-the-scenes look at the dysfunction that contributed to one of the worst tragedies in modern aviation: the 2018 and 2019 crashes of the Boeing 737 MAX.

An "authoritative, gripping and finely detailed narrative that charts the decline of one of the great American companies" (New York Times Book Review), from the award-winning reporter for Bloomberg.

Boeing is a century-old titan of industry. It played a major role in the early days of commercial flight, World War II bombing missions, and moon landings. The planemaker remains a cornerstone of the U.S. economy, as…


Book cover of Investments Unlimited: A Novel About DevOps, Security, Audit Compliance, and Thriving in the Digital Age

Tanya Janca Author Of Alice and Bob Learn Application Security

From my list on DevSecOps (it is just like DevOps, done securely).

Why am I passionate about this?

I have worked in IT for over 25 years, creating and securing software. I am completely obsessed with ensuring that our software is more reliable, that its integrity can be trusted, and that it keeps our secrets safe. I am not only a computer scientist but an ethical hacker who works hard to create a dialogue between software developers and all of the people who work in our security industry. I am a teacher, a community leader, and a computer nerd who shares messages and lessons wherever she goes.

Tanya's book list on DevSecOps (it is just like DevOps, done securely)

Why did Tanya love this book?

This book is set in the same universe as The Phoenix Project and The Unicorn Project, but it's at a new company named Investments Unlimited.

It's also a fictitious story, but with all brand new characters, and brand new problems! In this book they cover security much more deeply than any of the other previous books, talking about how compliance and audit can work together with the information security and DevOps teams.

They talk about common problems that I have faced in many organizations, and a lot of the stories feel so familiar I wonder if the authors have followed me around throughout my career.

Although of course they save the day in the end, there are many parts of the book where we're not quite sure if they're going to make it or not with various characters learning to see things in new ways, so that they can make…

By Helen Beal, Bill Bensing, Jason Cox, Michael Edenzon, John Willis

Why should I read it?

1 author picked Investments Unlimited as one of their favorite books, and they share why you should read it.

What is this book about?

In the vein of the bestselling The Phoenix Project and The Unicorn Project, Investments Unlimited radically rethinks how organizations can handle the audit, compliance, and security of their software systems, even in highly regulated industries. By introducing concepts, tools, and ideas to reimagine governance, Investments Unlimited catalyzes a more humane way to enable high-velocity software delivery that is inherently more secure.

Investments Unlimited, Inc. has accomplished what many other firms in their industry have failed to do: they have successfully navigated the transition from legacy ways of working to the digital frontier. With the help of DevOps practices, Investments Unlimited delivers…


Book cover of Software Security Engineering: A Guide for Project Managers

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.

Nancy's book list on software security engineering

Why did Nancy love this book?

This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.

By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead

Why should I read it?

1 author picked Software Security Engineering as one of their favorite books, and they share why you should read it.

What is this book about?

"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle."

- Steve Riley, senior security strategist, Microsoft Corporation

"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one."

- Ronda Henning,…


Book cover of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Eric J. Rzeszut Author Of 10 Don'ts on Your Digital Devices: The Non-Techie's Survival Guide to Cyber Security and Privacy

From my list to help you protect your personal information.

Why am I passionate about this?

I have been an information technology and cybersecurity professional for over two decades. I’ve learned over and over again that “people are the weakest link.” You can build the most secure system in the world, with stringent password requirements. But if the user writes their password down and leaves it where someone else can see it, system security is irrelevant! The easiest way to gain access to a system is via “social engineering” – to trick a human being into giving you the access you need, rather than trying to hack the system itself. The books on this list will help the reader lower their chances of being exploited like this.

Eric's book list to help you protect your personal information

Why did Eric love this book?

Security expert Bruce Schneier wrote this excellent book, talking about the “Goliaths” who are looking to exploit individuals’ data. Focusing more on politics (specifically US politics) than the other books on this list, Schneier talks about the Edward Snowden classified information reveal. He talks about mass surveillance conducted by the US and other governments around the world, and lays out in detail why this should concern us all.

By Bruce Schneier

Why should I read it?

1 author picked Data and Goliath as one of their favorite books, and they share why you should read it.

What is this book about?

Data is everywhere. We create it every time we go online, turn our phone on (or off) or pay with a credit card. This data is stored, studied, bought and sold by companies and governments for surveillance and for control. "Foremost security expert" (Wired) Bruce Schneier shows how this data has led to a double-edged Internet: a Web that gives power to the people but is abused by the institutions on which those people depend.

In Data and Goliath, Schneier reveals the full extent of surveillance, censorship and propaganda in society today, examining the risks of cybercrime, cyberterrorism and cyberwar. He…


Book cover of Managing Chaos: Digital Governance by Design

Abby Covert Author Of How to Make Sense of Any Mess: Information Architecture for Everybody

From my list for becoming a stronger sensemaker.

Why am I passionate about this?

I am an information architect, writer, and community organizer on a mission to make information architecture education accessible to everybody. I started practicing IA in pure pursuit of stronger visual design, but in the two decades since have developed an insatiable appetite for understanding and teaching the practical skills that make people better sensemakers, regardless of their role or medium. The books I chose for this list are all foundational to me becoming the sensemaker that I am today. I offer them as suggestions because they are not the books you will find should you search for “Information Architecture” yet they have all become my go-to recommendations for helping others to strengthen their own sensemaking.

Abby's book list for becoming a stronger sensemaker

Why did Abby love this book?

You might not think of excitement when you hear the words “Digital Governance” but I can assure you that this book is a real page-turner…especially if your job involves managing large-scale information messes. There is a special kind of chaos that only information and knowledge workers can understand and this book paints a picture so many of us have seen in practice but in a way that leaves the reader inspired to fight another day, instead of wallowing in a sea of information-induced self-pity.

I recommend this book because I have seen too many information architecture efforts die on the vine due to a lack of good governance. The frameworks and recommendations in this book mean I always have a playbook to hand to teams in need.

By Lisa Welchman

Why should I read it?

1 author picked Managing Chaos as one of their favorite books, and they share why you should read it.

What is this book about?

Few organizations realize a return on their digital investment. They’re distracted by political infighting and technology-first solutions. To reach the next level, organizations must realign their assets—people, content, and technology—by practicing the discipline of digital governance. Managing Chaos inspires new and necessary conversations about digital governance and its transformative power to support creativity, real collaboration, digital quality, and online growth.


Book cover of A People's History of Computing in the United States

Joanne McNeil Author Of Lurking: How a Person Became a User

From my list on the origins of the tech industry.

Why am I passionate about this?

Joanne McNeil has written about internet culture for over fifteen years. Her book considers the development of the internet from a user's perspective since the launch of the World Wide Web. Her interest in digital technology spans from the culture that enabled the founding of major companies in Silicon Valley to their reception in broader culture.

Joanne's book list on the origins of the tech industry

Why did Joanne love this book?

A thorough look at the origins of personal computing and connections between computer users beginning in the 1960s that highlights the BASIC programming language and The Oregon Trail game. Shines a light on the role that universities and the education system played in fostering networks between users.

By Joy Lisi Rankin

Why should I read it?

1 author picked A People's History of Computing in the United States as one of their favorite books, and they share why you should read it.

What is this book about?

Silicon Valley gets all the credit for digital creativity, but this account of the pre-PC world, when computing meant more than using mature consumer technology, challenges that triumphalism.

The invention of the personal computer liberated users from corporate mainframes and brought computing into homes. But throughout the 1960s and 1970s a diverse group of teachers and students working together on academic computing systems conducted many of the activities we now recognize as personal and social computing. Their networks were centered in New Hampshire, Minnesota, and Illinois, but they connected far-flung users. Joy Rankin draws on detailed records to explore how…


Book cover of Here Comes Everybody: The Power of Organizing Without Organizations

Geoffrey Colon Author Of Disruptive Marketing: What Growth Hackers, Data Punks, and Other Hybrid Thinkers Can Teach Us about Navigating the New Normal

From my list on disruptive marketers in the 21st century.

Why am I passionate about this?

Ever since touching my first computer (the Apple IIC) in 1985, broadcasting a radio show in 1988, logging onto the world wide web in 1991, launching my first podcast in 2004 or producing the highly viewed YouTube show The Download in 2020 I've been interested in what Marshall McLuhan has dubbed, "The Medium is the Message." Not only how media and technology are used but how it intersects with humanity, education, entertainment, marketing and popular culture to drive word of mouth. To me, marketing isn't just about the technology or the quantified metrics but about how it shapes long lasting impressions on people and leads to sustained behavioral change.

Geoffrey's book list on disruptive marketers in the 21st century

Why did Geoffrey love this book?

Shirky explained the fascination with how everyone becomes media long before TikTok was even a gleam in the eye of its founder Zhang Yiming. In this world that becomes louder, faster, and where attention is harder to come by we might think that it becomes every person for themselves. Not so. Communities become stronger and we enter the age of "We" rather than the age of "Me." A fascinating read on the power of organizations that don't rely on traditional organization hierarchies. If you want to know how good ideas spread in the 21st Century, this is a good book to read.

By Clay Shirky

Why should I read it?

1 author picked Here Comes Everybody as one of their favorite books, and they share why you should read it.

What is this book about?

“A fascinating survey of the digital age . . . An eye-opening paean to possibility.” —The Boston Globe

“Mr. Shirky writes cleanly and convincingly about the intersection of technological innovation and social change.” —New York Observer

An extraordinary exploration of how technology can empower social and political organizers

For the first time in history, the tools for cooperating on a global scale are not solely in the hands of governments or institutions. The spread of the internet and mobile phones are changing how people come together and get things done—and sparking a revolution that, as Clay Shirky shows, is changing…

