Hackable: How to Do Application Security Right

Kindle Edition
251
English
07 Dec
If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk too.

Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may be uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or maybe you think you do know, but don’t realize what you’re doing wrong.

To defend against attackers, you must think like them. As a leader of ethical hackers, Ted Harrington helps the world’s foremost companies secure their technology. Hackable teaches you exactly how. You’ll learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process. You’ll build better, more secure products. You’ll gain a competitive edge, earn trust, and win sales.

Reviews (51)

'Hackable' gives facts and wisdom!

The writing pulls you in, but more importantly this is a crucial discussion of cyber-threats and how to counter them for personal and business applications. Covers cyber-security for cryptocurrencies, apps, personal finance, and more!

If this is the last book you read make it HACKABLE!

It's 202X and the great robot wars have ravaged the earth's surface. What humans are left alive live in underground bunkers connected by a series of tubes. Even though the world has ended, you made sure that in the last Amazon order of toilet paper and tuna fish you also ordered Hackable. You read it by candlelight each night. And each night getting closer to realizing this is the only thing which keeps you going. IT'S A PAGE TURNER. There's a cat and a horse, there's drama and intrigue. It teaches you how to budget your bottle caps (earth's last currency) for security. SECURITY is all that matters now and the enemy is run by AI-written applications. But this book helped you realize that the AI was written by rushed coders. Ted showed you how you need an effective security team to partner with you to assess your code. The AI runs scanners but that's no match for your crack team of hackers in your bunker. You connect to the robot's network and realize it's full of vulnerabilities! You get a root shell on the AI machine and you turn to your partners and say, "I'm in." Your team single-handedly destroys the robot threat and now you must rebuild human society. Thanks Ted!

Getting security right is an attitude

As a friend and fellow author, Ted Harrington generously shared an advanced copy of his incredible new book. I was unsure what to expect because the concepts of "hacking" and the entire security industry are all a complete mystery. HACKABLE is far more than a book about application security; when you look beyond the specific words unique to the industry, the book's core is built on service, leadership, and personal excellence. These two sentences so accurately describe Ted's intent of the book: "Getting security right is an attitude. It's a mindset. It's a pursuit of excellence. You want to write the best code. You want to build the best product. That means you need to get security right, too." This book has all of the elements you would expect and need in learning how to do application security right but written in an engaging, fun, energetic way. Highly recommend it for novices and experts alike!

Valuable information for security expert and consumer alike

It's surprising how many companies do security wrong. Sometimes due to lack of knowledge, but most often due to a lack of funds. In Hackable, Ted Harrington clearly explains why there is no excuse for the former, even if you need to hire professionals to do it, and why not spending the money up front to do it right results in spending even more money on the back end to fix problems once they're identified. Ted balances concepts with specificity, and technical explanations alongside storytelling in a way that experts will appreciate and consumers can understand.

A MUST read for any CTO/CEO/Security Professional!

FINALLY! I have seen Ted talk at many different security conferences including RSA, DEF CON, and Black Hat. I'm a huge fan of his take on not only how to properly implement security, but how to use security as a differentiator to grow your current customers and bring in new ones as well. This book is perfect: not too long, not too technical. I am currently a part of an enterprise-level software company and the insights I have gleaned from this book will 1) help me better communicate to the executive team why security matters, 2) begin to implement real change, 3) better secure my app, and 4) use security as a differentiator to grow my business and increase sales. Going to recommend this to everyone I know (and not just to make myself look good :))

Invaluable and accessible!

Ted Harrington offers invaluable and accessible step-by-step guidelines for how to manage an organization’s cyber security. He is clearly passionate about this work, and his desire to share this knowledge, not only so that organizations can succeed in providing cyber secure applications for their customers, but so that the world can ultimately be a safer place. This book is a gift to all of us!

Very helpful and informative!

This book contains a wealth of helpful and informative information! It's a lifesaver and a must read for anyone in the field of application security. I've been looking for a book that covers this subject in detail for a long time and this book finally checks all of the boxes! It's an easy read and hard to put it down! Once you finish reading this book you'll definitely be better off for it.

Great book! Engaging & accessible. A must read for everyone, not just cybersecurity teams

Application Security is the fastest moving sector in cyber. Driven by business opportunity, development teams everywhere are launching and supporting applications with serious vulnerabilities. Hackable gives readers a wealth of information and distills Ted's decades of experience into a framework that is actionable and attainable. Ted's focus on how to turn security into competitive advantage is a breath of fresh air in today's fear-based cyber-economy. Ted's writing style is engaging and accessible, making Hackable a page-turner that will enhance your knowledge and help you improve your organization's security immediately.

Comprehensive read on the tenets of application security

Fantastic guidance on how to pragmatically think about appsec. This book should be regarded as required reading for anyone looking to expand the breadth of their understanding regarding security, and establishing procedures to discover and eliminate vulnerabilities. A very straightforward read, yet written in a way that holds the reader's interest throughout the book. Very highly recommended.

Quality Content; Would Read Again

I've worked in security-adjacent jobs throughout my career and I've seen many, many preventable security shortcomings. If everyone could think like Ted from time to time, it would help guide them to more secure system design and review. It might make my job a little harder but would definitely create more secure products for all the end-users!

Excellent book - a must read for anyone who cares about technology and privacy

Ted Harrington has written an insightful book and a how-to manual for improving security that would be useful to anyone developing OR using applications. Techies, executives, privacy folks, or just plain users could all benefit from the lessons in this book. I highly recommend it. It's written in a clear and concise way with lots of interesting examples from the field. A must read for anyone who's ever touched an app in their life.

You'll get value out of this book no matter what your background is in.

Do you like being hacked? If so, this book is not for you. Otherwise get or pirate this book to get the unique perspective from a security consultancy that has performed thousands of security assessments spanning hundreds of clients to gain high level insight and terminology on application security topics. Also, you’ll find out what it means to “Catch a crab”.

Compelling Read

Ted Harrington makes a solid case for investing in vulnerability assessments. His examples are easy for anyone to understand - you don't have to be a tech guru to get a lot out of the book. Every stakeholder, from CEO to board member to CIO will immediately recognize the value in following the recommendations. Hackable is a must have resource for 2021!

Great book, easy read, and engaging

Great book for people who are looking into starting a business in tech or for people looking into security science and want to read how a security company operates and what the real world implications of security entail.

A great read... security made accessible!

This is not only a how-to for anyone interested in application security, but it's filled with tangible, real-life examples that clearly demonstrate how critical this security is to us all. Highly recommend for anyone looking to learn more about how real organizations can approach and address security issues to drive a real business impact.

Not For Anyone Who Wants To Hack Anything

If you want an overview of stuff you probably already know, read this book. If you want to know how to hack and what hacking entails, don’t buy or read this book.

This Book Helps You Do Application Security Right

Ted Harrington's book Hackable is a practical guide that tells the reader what to do and how to do it with regard to building better and more secure systems. Security is an investment so it makes sense to purchase this book to learn how to protect that major investment with Ted's proven methods.

A must-read!

Reading this book is like engaging with an old friend... a friend who also happens to be an expert at application security. I didn’t know what I didn’t know before reading this book!

Awesome insights!

I work at a software company and this book has helped us basically redefine our whole way of thinking about and investing in security. 100% recommend this to any software-based companies

Harrington Informs and Empowers!

This is a well-written and informative book! It taught me to think like a hacker and I now feel much more in control of my own security. An empowering read!

The Best Book On The Market for Application Security

Tons of real-world examples that clearly illustrate the expertise of Ted and his team!

If you own a Computer, Cell Phone or even a keyless entry to your Car This is a MUST read book!

This is an Excellent book and one I Highly recommend to put on your list for must read books. Ever since I had my identity stolen from a simple credit card transaction, it caused me to ask questions not only about how safe my credit cards are but about the security system on my computer at work and home and even my cell phone. This book is exactly what I have been looking for! Thank You Ted for writing a book that even I can read and understand on this subject.

This book teaches you how to constantly seek improvement

This book is an application security guide that is approachable for anyone. It tells you what to do and why, all while educating you on many common misconceptions. This book is for the seasoned pro, the student or recent graduate, and everyone in between. It's accessible for anyone of any background and filled with strategies and tactics to help you constantly seek improvement and gain a competitive edge. As someone fairly new to the security industry, the relatable examples in this book make the content easy to understand and teach me how to eradicate security vulnerabilities. So well written and easy to follow along, I recommend this book to anyone in the industry, or those just looking to learn about appsec and security! I've learned lots of fun facts through each chapter that I've enjoyed sharing with family and friends in the industry. Ultimately, this book teaches you to think like a hacker.

A different approach

I found this book to be very helpful! Most security books that I have read (or tried to) expect you to have a strong security foundation and if you aren't at an expert level, you miss out on what the book is trying to teach you. In this book, the author takes you by the hand and walks you through different methodologies & approaches to Application Security in terms anyone can understand. This book is perfect for anyone at any company level and honestly even the most experienced security analyst will learn something while reading. I am going to share this book with all of my coworkers and friends in my field and I think you should as well! Each individual plays a part in security. Thanks Ted!

Full of information and understandable by the average person

In this era of computer data breaches happening seemingly every week, computer security has become a very important subject. This book, written by the head of a computer security company, gives the details. First, establish a partnership with an external computer security company. Your internal IT people may be the best, but they can't do it all by themselves. Most companies think that they need a penetration test, but what they really need is a vulnerability assessment. A penetration test will answer a Yes/No question (Will X work in situation Y?), but a vulnerability assessment will go through your whole system, looking for problems. You should absolutely give the external company a tour of your system, ahead of time. You don't want them wasting their time, and your money, finding vulnerabilities that you already knew about. When you are presented with the list of found vulnerabilities, whether it's a few or a lot, Fix Them, or get them fixed. Prioritize those that have to be fixed today, and those that can wait. After they are fixed, the external company needs to do a remediation test. It is to make sure that the problems were fixed, and that fixing one problem didn't create several more problems. The book says that there is no such thing as "perfect" security, or being "done" with security. Internal files are moved, and internal settings are changed, every day, so new vulnerabilities may be created every day. A vulnerability assessment needs to be done a couple of times per year. How much do you not want to be the next corporate victim of a hacker attack? On your company website, have a separate page that talks all about computer security. Explain exactly what you are doing; potential customers will be very interested. Don't simply say "We guarantee the best computer security anywhere." Computer security can be a very complex subject. The author does an excellent job at making it understandable by the average person. This book is full of information, and is very easy to read. It is well worth the time.

Harrington's Opus

Hackable is not only an approachable, actionable resource for security professionals and technology leaders, but it is further a literary masterpiece. Harrington's selection of apt analogy after magnificent metaphor, all artfully curated and flowing together to educate and better the reader. Like most works of genius, the ideas are bold, simple, and complete. It is grand. I am a better person, nay a better contributor to humanity after reading it.

Security Explained the Right Way

If you’ve been afraid of your roomba taking over and magically starting on its own, you are not alone. With this book I learned the importance of security in not just devices, but in all applications, so this will teach the ordinary person and a high tech level person how to do security right! Ted Harrington explains everything in a language that is very easy to understand. By the time I finished this book, I wasn’t afraid of my roomba anymore!

Excellent reference to start your journey down the long road of application security

The cause behind many information security incidents is vulnerable networks and applications. In Hackable: How to Do Application Security Right (Lioncrest Publishing), author Ted Harrington has written a helpful guide to slow down this dangerous problem. Harrington is president of Independent Security Evaluators, has his hands on the pulse of the industry, and has written a pragmatic guide to educate the reader on the importance of application security. Far too many firms try to do security by following a check-box-like approach, and that is precisely the approach the book is trying to stop firms from doing. Harrington takes somewhat of a contrarian view in his approach to security testing. Some of his suggestions run contrary to what industry best practices and firms like Gartner suggest, and that is not necessarily a bad thing. An example of his contrarian approach is his disdain for black-box security testing, which he considers a waste of time and money. Black-box testing is an approach that limits the information your penetration testers have to replicate real-world conditions better. A white-box approach is when the firm being tested provides the penetration testing team with information about the systems being tested and administration-level credentials to perform the test. To which Harrington writes (not incorrectly) that a white-box approach makes the best use of your time and money. The rest of the book builds on that idea, and he writes of many misconceptions firms have when it comes to security testing. Some of which include firms misunderstanding the difference between vulnerability scans and vulnerability assessments, why bug bounty programs can be of little value to many firms, and more. One of the most insightful points he makes in the book is when he writes that “security is a loop, not a line.” Too many firms think their security process is done after they perform their annual pen test.
But the reality is that security is an endless loop of determining your threat model, performing assessments against that model, remediating those threats, and then doing that all over again. Chapter 8 details how to establish your customized threat model. By knowing and understanding what to protect, whom to defend against and where you will be attacked, a firm can ensure they are putting their budgets and efforts in the right places. The chapter details numerous threats, including nation-states, insiders, and more, to help you establish a threat model that works for you. A final important point the book makes is that while many software companies tend to think that security slows down the development process, that is simply not the case. He shows that by building security into the development process, you will get better security that costs less in the end, and due to a formal program to deal with the security issues in the development process, it will, in fact, not slow things down. For those looking to understand what they need to do around application security, Hackable: How to Do Application Security Right is an excellent high-level guide to start them on their journey.

No security expertise needed

This author has clearly put a lot of time and effort into ensuring a non-technical person can read and understand this book. It's easy to understand and relate to. I'm not technical, so that was super important to me. I would recommend it whether you're technically savvy or not.

Informative

Well written guidelines for protecting your system. Up to date for a written book.

Easy to understand and so informative. Highly recommend!

I am in entertainment and I am around and a part of a lot of sensitive information, and we are always looking for ways to understand and prevent hacking of private information and materials that are in the making and not yet released. This book helps make sense of security and hacking in a way that does not make me feel stupid. This isn’t some tech guy's ego trip; it actually breaks it down for you with stories and metaphors and easy to understand advice. Highly recommend. No matter what your job is, it is affected by cyber security.

Met my appetite for security knowledge and then some!

This book was really enlightening! It filled my hunger for security knowledge that I was desperately seeking. This book is like a cookbook for security professionals. It has secret recipes to actual problems and proven solutions within the industry. This book takes the heat out of my worries when ordering food on apps like UberEats or Postmates; I know that if their security team reads this book then my account and food will be safe and secure, and soon in my belly. One quote that really stuck with me in Chapter 2: Choose the right assessment methodology was, “When the director of product security received this comparison, his eyes grew as wide as dinner plates. He literally shouted, ‘We’re never going black-box again!’ And he hasn’t.” I know this exact feeling as my eyes too often become wide as dinner plates when I come to a realization such as this; the last time might have been when I realized how much better air-fryer broccoli tastes compared to boiled broccoli. Overall, if I were to compare this book to food, it's clearly a filet mignon. It has great flavor, nutrients, and excitement, similarly to how this book provides great insights, excitement, and knowledge! This book is a tasty treat of a read!

Great technical information yet easy to comprehend!

This book not only looks fierce, it is fierce. Great book with easy to read yet highly important information that is relevant to everyone living and navigating this digital age. Highly recommend!!

Application Security is Important to All of Us

This book is terrifying, yet gives hope that all is not lost. The author is an incredible storyteller, and those stories will be useful as I bring more awareness to my own organization. I frankly wish this book existed years ago, but I'm glad it does now -- highly recommended!

Must read for business owners

I've seen Ted speak several times and he is a true expert in his field. This book is a must read for any business owner or exec that wants to ensure the security of their systems.

Everything you could possibly need!

Ted's knowledge and expertise truly comes to light in this book. Digital security in this age is arguably one of the most important things when running a business with an application. If you're a leader, engineer, etc. for your company, and your company has an application, there's more to learn here regardless of how confident you are in what you have! I can't recommend this book enough to help you create, or update to an incredibly secure app that your customers can have confidence in.

Security for All!

A fantastic read for all! This book is quite a marvel. From a security newbie to an expert, there is a lot to learn from this book. Using effective analogies and stories, Hackable breaks down complex security topics into digestible content and provides action items for product owners to take in improving their security posture. I would recommend this book to everyone and especially product owners, CISOs and CTOs.

A must have for any organization

Ted has done a masterful job of delivering real-world information in a style that works for a regular dude like me. I was a bit intimidated at first but once I started reading the book I could not put it down. I learned so much information!!!! If you have computers and a business this book should be at the top of your list for 2021!

Fantastic read! Adapt or die!

Hackable is a direct assault on the current mismanagement of security in the enterprise. Ted has brilliantly painted a picture that impacts not only the technical side but provides knowledge and value to organizational levels that have historically been blind to that side of their business. There is value in security far beyond what current enterprises focus on. Just a fantastic read!

Such a great author!

An entertaining experienced guy who makes it fun to learn stuff that matters.

A compelling read!

Fantastic! Ted has accomplished that rare feat of writing a book that has the technical detail required by CIOs and security professionals but through judicious use of stories and metaphors introduces the layperson to the concepts. A must have for CIOs, technophobes and anyone interested in protecting their business from the digital dangers inherent in the modern world. A compelling read!