Saturday 29 October 2016

Email to owasp-leaders about SecDevOps Risk Workflow Book

Here is the email I just sent to the OWASP-leaders list

SecDevOps Risk Workflow Book (please help with your feedback)

Hi fellow OWASP leaders and friends, over the past 4 years I made the move from 'breaking apps' into becoming a real Developer, an AppSec Trainer and creating multiple AppSec teams (protecting large companies from real attacks and helping developers to write secure code)

To try to capture my experiences, to help a wider audience and to get some feedback, I've been creating a book on leanpub called SecDevOps Risk Workflow which I would really appreciate if you could check it out.

You can get it for free at 

Note that when you get the book from Leanpub, you will also get all future updates (which I'm releasing regularly). 

Here is current book introduction:
This is a book about making developers more productive, embedding security practices into the SDL and ensuring that security risks are accepted and understood. 
The focus is on the Dev part of SecDevOps, and on the challenges of creating Security Champions for all DevOps stages.
All content is released under an Creative Commons license (CC BY 3.0) and the GitHub repository Book_SecDevOps_Risk_Workflow contains all text and ideas.
This book is based on successful and unsuccessful real world applications of these ideas. 
Any feedback, suggestions or comments will be highly appreciated (please open an issue for them)
Btw, Leanpub is a great book publishing platform, with a great set of values. You should definitely try it out to create a book about the area of OWASP you are passionate about.

Thanks for your help,

Dinis Cruz