97 Things Every Application Security Professional Should Know

In this fast-advancing technology world, almost everything is written as software or application. Together with the fast-evolving threat landscape, protecting customer data and ensuring the resilience of your business becomes the critical objective of all cybersecurity professionals. Weak application defenses can lead to serious consequences like regulatory fines, penalties, and loss of customer trust--especially for industries that handle sensitive or financial data. That's why it's imperative for security professionals to reinforce themselves with the latest insights to combat growing cyber threats.

In this go-to guide, editors Reet Kaur and Yabing Wang share key concepts, up-to-date best practices, and cutting-edge tools that today's cyber professionals need to ensure solid application security. The articles in this book include actionable advice on a wide variety of application security topics and thought-provoking questions that drive the direction of the field. You'll also receive expert advice from professionals on how to navigate your career within this industry.

Articles include:

• AppSec Is a People Problem--Not a Technical One -- Mark S. Merkow
• A Coordinated Approach to a Successful DevSecOps Program -- Han Lievens
• Will Passwordless Authentication Save Your Application? -- Aldo Salas
• Introduction to CI/CD Pipelines and Associated Risks -- Tyler Young
• Unveiling Paths to Account Takeover: Web Cache to XSS Exploitation -- L tf Mert Ceylan
• Secure the Software Supply Chain Through Transparency -- Niels Tanis
• The Right Way to Threat Model -- Josh Brown
• Enhanced Application Security Defense -- Michael Freeman
• Mobile Security Domain and Best Practices -- Aruneesh Salhotra
• API Security Primer -- Chenxi Wang
• Will Generative and LLM Solve a 20-Year-Old Problem in Application Security? -- Neatsun Ziv
• Application Security in Cyber-Physical Systems -- Yaniv Vardi