Hackable: How to Do Application Security Right

Ted Harrington
Independent Security Evaluators
5 min read · Oct 14, 2020


You probably subscribe to this blog because you’re looking for new insights, fresh research, and the best ways to secure software. If that sounds like you, then I wrote a book for you.

It’s called Hackable: How to do Application Security Right. It extracts key insights from many years of ethical hacking, security research, and security consulting. It then distills those insights into actionable advice, to teach you exactly how to get application security right.

It helps you build better, more secure products. Then it helps you prove it to your customers.

If you already know you want to read this book, join the waitlist here.

If you want to get a sense for how the content will help you, read on…

The Book Idea in Brief

If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk, too.

Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you’re uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or, maybe you think you do know, but don’t realize what you’re doing wrong.

To defend against attackers, you must think like them. As a leader of ethical hackers, Ted Harrington helps the world’s foremost companies secure their technology. Hackable teaches you exactly how. You’ll learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process. You’ll build better, more secure products. You’ll gain a competitive edge, earn trust, and win sales.

The Problem

Many companies don’t know which security approaches work, and which don’t. Other companies don’t even know where to start. They aren’t sure what to assess, what to prioritize, or how much to spend. They don’t know how hackers think or break systems. They don’t know the best way to find their vulnerabilities. They don’t know the best way to fix them.

Worse, companies sometimes think they do know those things, only to later learn they were actually doing it wrong the entire time.

Security is never done. Companies don’t know if “good enough” is actually good enough. They’re not sure when they can move on. Change is the only constant. As technology shifts, so too does the security model. Software development itself is changing.

Certain types of security testing deliver reports that border on unusable. They’re packed with false positives (flagging a vulnerability where there is none) and inappropriate severity ratings. They report the same issue multiple times as duplicates. They offer no context for the unique threat model, they fail to account for risk appetite, and they don’t give tailored advice on how to fix the issues.

Too many terms mean too many things to too many people. There’s a severe lack of uniformity on what security testing is or should be. This confusion makes it even harder to translate outcomes to the Chief Executive Officer (CEO), the board, and your customers.

Doing security right requires time, attention, and money. However, you have many other priorities competing for those same resources. Further complicating things is the cold reality that security might not even be your whole job. Regardless, if there’s a security breach, it’s still on you. You don’t want to have to explain to anyone why you suffered a security breach. You’ve read the headlines: Twitter, Zoom, British Airways, Google, T-Mobile, Cathay Pacific, Timehop, Panera Bread, Facebook, Sears, Kmart, Best Buy, Fortnite, and First American Financial have all had their apps hacked. You don’t want to be next.

You wish application security was easier. You wish this wasn’t your problem.

You just want to be secure.

Sound familiar?

If so, I know how you feel. I’ve been in the trenches with many people battling these same challenges. I understand why you might think security is a headache, but in reality, security is your best friend. It’s not just the right thing to do; it also delivers a competitive advantage for your business. Proving that you’re secure in the face of unknown threats is exactly how you earn the trust of your customers. That leads to more sales, more customers, and more market share. It’s how you become a leader in your field.

Sadly, most people don’t do security right. But after you read this book, you will.

That, my friend, is a competitive advantage. Your customers want to use software that is secure. When you can deliver that but your competitors can’t, you’ll win.

What You’ll Learn

There’s a lot of advice out there about how to approach application security. Some of it is even good advice. Much of it, though, is straight-up wrong. (Now, if you’re like me, a statement like that makes you question whether the advice in this book is, in fact, correct. Good! I’ll get to that.)

This book helps you rethink norms. Then it teaches you the best way to find security vulnerabilities. Then it shares the best approach for fixing them. That’s how you get secure. Once you are secure, you need to prove it. This book helps you do that, too.

You’ll learn everything you need to know in order to do application security right. Here’s just a sample of the how-to topics covered in this book:

  • How to think like an attacker
  • How to multiply impact with both in-house personnel and external experts
  • How to pick a methodology: white-box versus black-box
  • How to figure out if you need penetration testing, or something else
  • How to find your security vulnerabilities, especially the unknowns and custom exploits
  • How to fix your security vulnerabilities
  • How to approach reassessments and deal with change
  • How to determine how much money to spend
  • How to establish a threat model
  • How to build security into the development process
  • How to use security to drive sales

Get Your Copy

This book extracts insights from the front lines of ethical hacking. It simplifies those insights, and translates them into an actionable method. It does this so that you can be better.

If this resonates, then this is the right book for you.

Let’s get started.

Get your copy at https://www.hackablebook.com/

Ted Harrington is the author of Hackable: How to Do Application Security Right and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, and password managers. He’s helped hundreds of companies fix tens of thousands of security vulnerabilities, including Google, Amazon, Microsoft, Netflix, and more. Ted has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes. His team founded and organizes IoT Village, an event whose hacking contest has produced three DEF CON Black Badges.

Mr. Harrington is a partner at security research and consulting firm Independent Security Evaluators.