Agile Security: A Security-Driven Development Approach with Abuser Stories

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2021-05-28
  • Publisher: Addison-Wesley Professional

Agile Security will transform the way software teams think about security. This deeply practical guide introduces immediately useful tools and practices that agile teams can apply to address security from a project’s inception and throughout its lifecycle. Leading Scrum trainer and agile security expert Judy Neher shows how to deliver every iteration with a keen eye on how its code and data might be exploited by adversaries.


Neher starts with a key truth: the challenge of modern software security now belongs to the entire team, not just security engineers or information assurance professionals. Drawing on immense personal experience, Neher shows how to imbue agile teams with a security mindset, change what they need to change, and embed fully agile approaches to security throughout all they do.


Throughout, she introduces proven practices, measures, and tools -- including powerful “Abuser Stories,” which adapt the familiar “user stories” approach to help teams understand exactly who and what they’re up against.

Table of Contents

Part I: Getting Started
1. Why Read This Book?
2. A Brief History of Security Practices
3. An Agile Overview
4. Security Requirements
5. The Definition of Done and Its Role in Security-Driven Agile Development
6. An Introduction to Abuser Stories. Thinking Like the Bad Guy
7. Writing Abuser Stories
8. Abuser Roles
9. Gathering Abuser Stories
10. Roles and Responsibilities. Who Writes What?
11. Refutation Criteria and Acceptable Risk
12. Writing Good Abuser Stories


Part II: Estimating and Planning
13. Ranking Abuser Stories on the Product Backlog
14. Estimating Abuser Stories
15. Planning an Iteration with a Security-Driven Mindset
16. Planning a Release with a Security-Driven Mindset


Part III: Frequently Asked Questions


Part IV: An Example


Part V: Appendices
