D**R
Great Book / Reference for creating or enhancing an application security program!!
This is a well written book on application security that can be used by individuals interested in learning application security as well as companies looking to start/improve application security. Excellent book for studying as part of a book club!
M**É
Right to the point easy to grasp flowcharts and diagrams
Hi Tanya. Application security is such an interesting topic for me, being with a focus on defensive security and how to secure web applications. This book and your podcast are so useful. I did a first pass read of your entire book to first get a taste of it to see the big picture. Will probably read a second and third time to really get the meat of it and learn more about appsec. This book helped me quickly grok concepts that were until then vague in my head, namely where to specifically put authentication in a multi-API flow. Nice and sweet, right-to-the-point diagrams and flowcharts to save the snapshot in my head. Thanks for your awesome work. Willing to learn more on your other material, talks and podcast. Take care and have a delightful day, Tanya.
R**S
A Great Introduction to Application Security for Developers
I run a DevSecOps Book Club and this was the first book we chose to collectively read together. Tanya (the author) was incredibly gracious and even offered to join us live for one of our book club meetings — sharing some of her personal industry experiences, answering questions, and generally being an advocate for security education. The book is well-written, to the point, and walks developers through the entire thought process behind building secure software, both culturally and technically. If you’re looking for a book that is easy to read and will give you a good mix of practical security information (such as what HTTP security headers you should be using in your web applications) to principles and best practices (such as understanding the C-I-A model and threat modeling), you won’t go wrong with this book. I highly recommend it to anyone new to the world of application security. It’s an accessible and fun introduction to the space — you’ll learn a lot! =)
T**N
Best one for beginners
Starting point for a pen tester
R**I
Great book
This is a great book that reminds me of all the application security foundation topics. Tanya's advice is very wise, and sometimes I use the book as a guide on things I need to look up or things I have forgotten about.
P**J
Got ‘nuthin but love for Tanya’s approach
Great way to approach the material! I started with the audio book because I wanted to dive in immediately after attending a training session. By immediately, I mean I bought it during the session and listened to it on the drive home. I eventually ordered a physical copy too because I wanted a tactile experience as well.
T**S
Required reading for current and aspiring developers, and those who work with them
For all of us working in or close to code, I highly recommend reading "Alice and Bob learn Application Security" by Tanya Janca. It's a super-easy, super-quick, super-CURRENT read, that covers the most important industry-wide practices and principles in a more concise, relevant, digestible, actionable form than any other source I have found. Just as importantly, it equips both coders and code-adjacent folks with a much-needed industry vocabulary for communicating effectively about application security within the team as well as across the organization. IMHO this should be required reading for anyone with a role in producing software on the internet. No excuses - it's inexpensive, relatively short, and exceptionally well organized for either scanning or devouring in-depth.
B**S
Clearly written and a great value!
Great read for anyone interested in learning about application security; I’ll be on the lookout for more from Tanya Janca!