front matter
I am a big fan of analogies as an interesting way to describe technical concepts like application security. I find it a straightforward way to get everyone on the same page and get to that “Aha, I get it” moment. I came up with a brand-new analogy for this book’s foreword: application security is like the game Stratego. Stratego is a board game where the goal is to protect your hypothetical country’s flag from your competitor with different types of defenses and strategies. It is up to you to define and design the proper protections for your flag. There is no right or wrong way to protect your flag, but there are good and not-so-good ways. The same holds for application security programs, which exist to ensure the security of your applications: there are many ways to design them. Some application security program designs are excellent, and some need work. This book by Derek Fisher does a fantastic job of helping you understand what an effective application security program should look like for the modern applications your organization is developing today with aggressive CI/CD pipelines.