Foreword

There have been dramatic advances in application security over the past several years, with many forces pushing organizations to care about the security of their software: the rise of security incidents as a result of insecure software, the growing number of regulations that force companies to care about information security, and the growing dependence on internet-enabled software.

Organizations of every size and sector of business and government have experienced breaches and the losses that go with them. However, this growing number of information security events also brings awareness that helps push organizations and the developers within them to build more secure software.

While awareness around the cost of insecure software has risen, it’s not enough. We need surgical advice and clear engineering strategies to build secure software. Enterprises that wish to build secure software must turn their focus to a new way of engineering that includes changes to the famous trilogy of people, process and technology.

That’s where Alice and Bob come in.

Tanya’s book lays out the subject of application security in a clear and concise way, allowing the reader to apply what they have learned as they flow through the book. The chapters are peppered with tales of Alice and Bob, and how the security decisions we make affect real people’s lives. The book starts with an explanation of the importance of this topic, then teaches all of the main security concepts that we all seem to pick up somewhere, but we’re never quite sure how it happened.

From security requirements for web applications to secure design concepts, secure coding guidelines to common pitfalls, it’s sprinkled with stories, examples with Alice or Bob, and diagrams. It also covers testing and deployment, but it’s certainly not a book about ‘hacking’; it’s about how to ensure that your applications are tough, rugged and secure. The book describes how to create an AppSec program, how to secure modern technologies and systems, habits for developers (or anyone) to keep themselves and their systems safe, and even includes a learning plan at the end! With tips, tricks and even jokes, this is not your average textbook.

I hope you enjoy this book as much as I did, and that you decide to fight the good fight with Tanya and me, by building secure software!

-Jim Manico, Founder, Secure Coding Instructor, Manicode Security
