کتاب Alice and Bob Learn Application Security یک راهنمای جامع و درعین‌حال قابل‌فهم برای توسعه‌دهندگان، مدیران پروژه، و متخصصان امنیت است که می‌خواهند امنیت نرم‌افزار را از ابتدای چرخه توسعه سیستم (SDLC) در فرآیند توسعه یکپارچه کنند.

با استفاده از داستان‌های آشنا و استعاری شخصیت‌های Alice و Bob، نویسنده مفاهیم پیچیده امنیت نرم‌افزار را با زبانی ساده و همراه با نمودارها، مثال‌های واقعی، کدهای نمونه، و تمرین‌های کاربردی توضیح می‌دهد.

📌 مطالب کلیدی کتاب:

• مفاهیم پایه امنیت نرم‌افزار و الزامات امنیتی
• طراحی امن (Secure Design)
• برنامه‌نویسی امن همراه با راهنماهای عملی (Secure Coding Guidelines)
• تهدیدشناسی (Threat Modeling) و تست امنیتی (Security Testing)
• ایجاد و مدیریت برنامه امنیتی نرم‌افزار (AppSec Program)
• چالش‌های امنیتی در معماری‌های مدرن و روش‌های مقابله با آن‌ها
• رعایت بهداشت امنیتی (Security Hygiene) برای توسعه‌دهندگان و تیم‌های IT

این کتاب با رویکرد "Shift Left" به شما نشان می‌دهد چگونه امنیت را از همان مراحل ابتدایی توسعه در نظر بگیرید و به بخشی طبیعی از فرآیند مهندسی نرم‌افزار تبدیل کنید — نه چیزی که بعداً به سیستم اضافه شود.

مناسب برای:

✅ توسعه‌دهندگان نرم‌افزار

✅ مدیران پروژه

✅ متخصصان تست نفوذ (Penetration Testers)

✅ مسئولین امنیت اطلاعات (CISOs)

✅ افرادی که تازه وارد حوزه Application Security شده‌اند و به دنبال منابع کاربردی و حرفه‌ای هستند.

Alice and Bob Learn Application Security پلی بین مفاهیم تئوری و نیازهای واقعی تیم‌های توسعه مدرن ایجاد می‌کند — بدون پیچیدگی اضافی و با تمرکز بر کاربرد و اثربخشی.

Learn application security from the very start, with this comprehensive and approachable guide!

Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures. Throughout, the book offers analogies, stories of the characters Alice and Bob, real-life examples, technical explanations and diagrams to ensure maximum clarity of the many abstract and complicated subjects.

A TRIED-AND-TESTED APPROACH TO BUILDING SECURITY INTO PROJECTS FROM THE START

Do you have difficulty implementing application security into your software development process? Alice and Bob Learn Application Security shows readers how to "push left" in software, by building security considerations into their system development life cycle, right from the start.

You'll learn basic security fundamentals and requirements, as well as secure design concepts, all while benefiting from the code, exercises, and examples interspersed throughout the text.

Written by one of the leading voices in the application security field, the book includes answers to the most common questions people starting out in application security often have. It also includes valuable additional resources where readers can find more answers.

The core security concepts are illustrated through references to the personas of Alice and Bob and how their professional lives and businesses drive application security decisions. The book takes a pleasantly straightforward approach that's heavy on practical strategies and light on needless jargon or complexity. At the same time, it supplies the rigor or richness you would expect to find in a leading resource on the topic of application security.

The book is perfect for current and aspiring software and application developers. It also belongs on the bookshelves of software project managers, Chief Information Security Officers, and penetration testers who seek to improve their craft and their ability to deliver valuable results.

Alice and Bob Learn Application Security will teach you everything you need to know about:

• Security fundamentals and requirements
• Secure design concepts
• Secure coding (with guidelines)
• The basics of threat modelling and security testing
• How to build an AppSec program
• Modern application security concerns and defenses
• How to implement security hygiene protocols for developers and IT staff

Table of Contents

Part 1 What You Must Know to Write Code Safe Enough to Put on the Internet

Chapter 1 Security Fundamentals

Chapter 2 Security Requirements

Chapter 3 Secure Design

Chapter 4 Secure Code

Chapter 5 Common Pitfalls

Part 2 What You Should Do to Create Very Good Code

Chapter 6 Testing and Deployment

Chapter 7 An AppSec Program

Chapter 8 Securing Modern Applications and Systems

Part 3 Helpful Information on How to Continue to Create Very Good Code

Chapter 9 Good Habits

Chapter 10 Continuous Learning

Chapter 11 Closing Thoughts

About the Author

Tanya Janca, also known as SheHacksPurple, is the founder of We Hack Purple, an online learning academy dedicated to teaching everyone how to create secure software. With over twenty years of IT and coding experience, she has won numerous awards and worked as a developer, pentester, and AppSec Engineer. She was named Hacker of the Year by the Cybersecurity Woman of the Year 2019 Awards and is the Founder of WoSEC International, #CyberMentoringMonday, and OWASP DevSlop.