I have a new eBook available at Akamai, called Security Champions Guide to Web Application Security. Why "Security Champion"? AppSec is an area that often falls betwixt and between different groups; it blurs traditional lines. Basically it comes down to who cares enough to dig in and try to solve the company's WebApp security problems, and that person may come from the Dev team, the Security team, the Network team, or any number of other places. There is usually no role called "security champion", but there is a need for someone to champion the cause of WebAppSec: to craft the security plan, to get designs right, to implement the code, and to deploy. Doing all of this takes a broad mix of skills.
The book is broken down into the following chapters:
Chapter 1. Behavioral Perimeter - explores how the traditional structural perimeter needs to factor in a behavioral component, to deliver security where it's needed
Chapter 2. Security at Scale - simply put, scale is table stakes. If your security doesn't scale, then you do not even get invited to the party
Chapter 3. Intelligent Security - security cannot just be passive and static; co-evolution with the threat is required now
Chapter 4. Integration - an effective boundary requires thinking through From-To integration layers at both the technology and the process integration level
Chapter 5. SecDevOps - security test instrumentation
Chapter 6. Security Architecture Process - fostering a living, breathing boundary