Introduction

Part I: The Need for Security

Chapter 1: Determining Scope

Understanding the Application

Scoping

Chapter 2: Performing a Risk Assessment

Understanding the Threat Landscape

Threat Modeling

Preparing the Risk Assessment

Part II: Securing the Application

Chapter 3: Securing the Code

Assessing Dependencies

Using Static Code Analysis Tools

Writing Unit Tests

Chapter 4: Securing the Interfaces

Identifying the Interfaces

Determining the Interface Inputs

Reducing the Attack Surface

Chapter 5: Securing the Code Repository

Using a Code Repository

Limiting Saved Content

Part III: Securing the Infrastructure

Chapter 5: Restricting Permissions

Understanding Permissions

Identifying the Services

Updating the Permissions

Chapter 6: Account Management

Understanding Account Access

Restricting Account Access

Implementing Multi-Factor Authentication

Part IV: Monitoring and Alerting

Chapter 7: Monitoring Logs

Understanding Logging Methods

Reviewing Logs

Chapter 8: Monitoring Metrics

Understanding Metrics

Reviewing Metrics

Chapter 9: Monitoring Billing

Reviewing Billing

Chapter 10: Monitoring Security Events

Understanding Security Events

Reviewing Security Event

Chapter 10: Alerting

Understanding Alerting

Implementing Alerting

Chapter 11: Auditing

Understanding Auditing

Implementing Auditing

Chapter 12: Finalizing the Risk Assessment

Scoring the Identified Risks

Defining the Mitigation Steps

Assessing the Business Impact

Determining the Overall Security Risk Level

Miguel Calles is a freelance cybersecurity content writer. He has an information assurance certification, and works as an engineer on a serverless project. He started in cybersecurity in 2016 for a US government contract, and has been doing technical writing since 2007, and has worked in various engineering roles since 2004. Miguel started his interest in cybersecurity when he was in middle school and was trying to backward engineer websites.