Practical Security for Agile and DevOps 1st Edition Mark S Merkow
Boca Raton London New York
CRC Press is an imprint of the
Taylor & Francis Group, an informa business
AN AUERBACH BOOK
Practical Security
for Agile and
DevOps
Mark S. Merkow, CISSP, CISM, CSSLP
Trademarks Used in This Publication
Adobe is a registered trademark of Adobe, Inc., in San Jose, CA.
Alert Logic is a registered trademark of Alert Logic Inc., in Houston, TX.
Amazon, Amazon Web Services, and AWS are registered trademarks of Amazon Technologies, Inc., in Seattle, WA.
Atlassian and Jira are registered trademarks of Atlassian Pty Ltd., Sydney, Australia.
Azure is a registered trademark of Microsoft Corporation, in Redmond, WA (on hold pending further action as of 2019/09).
Barracuda is a registered trademark of Barracuda Networks Inc., in Campbell, CA.
Cigital is a registered trademark of Synopsys, Inc., in Mountain View, CA.
Citrix is a registered trademark of Citrix Systems, Inc.
Contrast Security is a registered trademark of Contrast Security, Inc., in Los Altos, CA.
CSSLP and (ISC)2 are registered trademarks of International Information Systems Security Certification Consortium, Inc., in Clearwater, FL.
CWE and CVE are trademarks and MITRE is a registered trademark of MITRE Corporation, in McLean, VA.
Dell and Dell EMC are registered trademarks of Dell, Inc., or its subsidiaries.
Ethereum is a registered trademark of Stiftung Ethereum (Foundation Ethereum).
F5 Silverline is a registered trademark of F5 Networks, Inc., in Seattle, WA.
Fortify is a registered trademark of EntIT Software LLC, in Sunnyvale, CA.
Google Cloud Platform and GCP are trademarks and Google is a registered trademark of Google, Inc., in Mountain View, CA.
HCL AppScan is a registered trademark of HCL Technologies Limited, in New Delhi, India.
ImmuniWeb is a globally registered trademark owned by High Tech Bridge SA, in Geneva, Switzerland.
Imperva is a registered trademark of Imperva, Inc., in Redwood City, CA.
ISACA is a registered trademark of Information Systems Audit and Control Association, Inc., in Schaumburg, IL.
IriusRisk is a registered trademark of Continuum Security, SL, in Spain.
Jama Connect is a trademark of Jama Software, in Portland, OR.
Kali Linux is a trademark of Offensive Security.
Kubernetes is a registered trademark of The Linux Foundation, in San Francisco, CA.
LinkedIn is a registered trademark of LinkedIn Corporation, in Sunnyvale, CA.
MICRO FOCUS, the Micro Focus logo, and Micro Focus product names are trademarks or registered trademarks of Micro Focus IP Development Limited or its subsidiaries or affiliated companies in the United States, United Kingdom, and other countries.
Microsoft is a registered trademark of Microsoft Corporation, in Redmond, WA.
Netflix is a registered trademark of Netflix, Inc., in Los Gatos, CA.
NICERC is a trademark of National Integrated Cyber Education Research Center, in Bossier City, LA.
Offensive Security is a registered trademark of Offensive Security Limited, in George Town, Grand Cayman.
OWASP is designated as non-final office action issued (clarification needed as of 2019/09).
Qualys is a registered trademark of Qualys, Inc., in Foster City, CA.
Radware is a registered trademark of Radware, in Mahwah, NJ.
ScienceSoft is a registered trademark of ScienceSoft USA Corporation, in McKinney, TX.
SonarQube is a trademark of SonarSource SA, in Switzerland.
Sonatype is a trademark of Sonatype Inc., in Fulton, MD.
Synopsys and Synopsys Coverity are registered trademarks of Synopsys, Inc., in the U.S. and/or other countries.
ThreatModeler is a registered trademark of ThreatModeler Software, Inc., in Jersey City, NJ.
Veracode is a service mark of Veracode Inc., in Burlington, MA.
Wallarm is a registered trademark of Wallarm, Inc., in San Francisco, CA.
WEBEX, CISCO, Cisco WebEx, the CISCO logo, and the Cisco WebEx logo are trademarks or registered trademarks of Cisco Systems, Inc. and/or its affiliated entities in the United States and other countries.
ZOOM is a registered trademark of Zoom Video Communications, Inc.
Dedication
This book is dedicated to the next generation of application security professionals to help alleviate the struggle to reverse the curses of defective software no matter where it shows up.
Contents
Dedication vii
Contents ix
List of Figures and Tables xix
Preface xxi
How This Book Is Organized xxii
About the Author xxv
Chapter 1: Today’s Software Development Practices Shatter Old Security Practices 1
CHAPTER OVERVIEW 1
CHAPTER TAKEAWAYS 1
1.1 Over the Waterfall 2
1.2 What Is Agile? 3
1.3 Shift Left! 3
1.4 Principles First! 5
1.5 Summary 6
Chapter Quick Check 6
Exercises 7
References 7
Chapter 2: Deconstructing Agile and Scrum 9
CHAPTER OVERVIEW 9
CHAPTER TAKEAWAYS 9
2.1 The Goals of Agile and Scrum 11
2.2 Agile/Scrum Terminology 11
2.3 Agile/Scrum Roles 11
2.4 Unwinding Sprint Loops 13
2.5 Development and Operations Teams Get Married 15
2.6 Summary 16
Chapter Quick Check 18
Exercises 18
References 19
Chapter 3: Learning Is FUNdamental! 21
CHAPTER OVERVIEW 21
CHAPTER TAKEAWAYS 21
3.1 Education Provides Context, and Context Is Key 22
3.2 Principles for Software Security Education 22
3.3 Getting People’s Attention 23
3.4 Awareness versus Education 25
3.5 Moving into the Education Phase 25
3.6 Strategies for Rolling Out Training 27
3.7 Encouraging Training Engagement and Completion 27
3.8 Measuring Success 28
3.9 Keeping the Drumbeat Alive 28
3.10 Create and Mature a Security Champion Network 29
3.11 A Checklist for Establishing a Software Security Education, Training, and Awareness Program 30
3.12 Summary 30
Chapter Quick Check 30
Exercises 31
References 31
Chapter 4: Product Backlog Development—Building Security In 33
CHAPTER OVERVIEW 33
CHAPTER TAKEAWAYS 33
4.1 Functional versus Nonfunctional Requirements 34
4.2 Testing NFRs 36
4.3 Families of Nonfunctional Requirements 36
4.3.1 Availability 37
4.4 Capacity 38
4.5 Efficiency 38
4.6 Interoperability 39
4.7 Manageability 39
4.7.1 Cohesion 39
4.7.2 Coupling 40
4.8 Maintainability 40
4.9 Performance 41
4.10 Portability 41
4.11 Privacy 41
4.12 Recoverability 42
4.13 Reliability 43
4.14 Scalability 44
4.15 Security 44
4.16 Serviceability/Supportability 46
4.17 Characteristics of Good Requirements 46
4.18 Eliciting Nonfunctional Requirements 47
4.19 NFRs as Acceptance Criteria and Definition of Done 48
4.20 Summary 48
Chapter Quick Check 49
Exercises 49
References 50
Chapter 5: Secure Design Considerations 51
CHAPTER OVERVIEW 51
CHAPTER TAKEAWAYS 51
5.1 Essential Concepts 52
5.2 The Security Perimeter 52
5.3 Attack Surface 53
5.3.1 Mapping the Attack Surface 54
5.3.2 Side Channel Attacks 54
5.4 Application Security and Resilience Principles 55
5.4.1 Practice 1: Apply Defense in Depth 55
5.4.2 Practice 2: Use a Positive Security Model 57
5.4.3 Practice 3: Fail Securely 58
5.4.4 Practice 4: Run with Least Privilege 58
5.4.5 Practice 5: Avoid Security by Obscurity 59
5.4.6 Practice 6: Keep Security Simple 59
5.4.7 Practice 7: Detect Intrusions 60
5.4.8 Practice 8: Don’t Trust Infrastructure 60
5.4.9 Practice 9: Don’t Trust Services 61
5.4.10 Practice 10: Establish Secure Defaults 61
5.5 Mapping Best Practices to Nonfunctional Requirements (NFRs) as Acceptance Criteria 61
5.6 Summary 61
Chapter Quick Check 62
Exercises 63
References 63
Chapter 6: Security in the Design Sprint 65
CHAPTER OVERVIEW 65
CHAPTER TAKEAWAYS 65
6.1 Design Phase Recommendations 66
6.2 Modeling Misuse Cases 66
6.3 Conduct Security Design and Architecture Reviews in Design Sprint 67
6.4 Perform Threat and Application Risk Modeling 67
6.4.1 Brainstorming Threats 69
6.5 Risk Analysis and Assessment 70
6.5.1 Damage Potential 70
6.5.2 Reproducibility 71
6.5.3 Exploitability 71
6.5.4 Affected Users 71
6.5.5 Discoverability 71
6.6 Don’t Forget These Risks! 72
6.7 Rules of Thumb for Defect Removal or Mitigation 72
6.8 Further Needs for Information Assurance 73
6.9 Countering Threats through Proactive Controls 74
6.10 Architecture and Design Review Checklist 78
6.11 Summary 78
Chapter Quick Check 78
Exercises 79
References 80
Chapter 7: Defensive Programming 81
CHAPTER OVERVIEW 81
CHAPTER TAKEAWAYS 81
7.1 The Evolution of Attacks 82
7.2 Threat and Vulnerability Taxonomies 83
7.2.1 MITRE’s Common Weaknesses Enumeration (CWE) 83
7.2.2 OWASP Top 10—2017 84
7.3 Failure to Sanitize Inputs Is the Scourge of Software Development 86
7.4 Input Validation and Handling 86
7.4.1 Client-Side versus Server-Side Validation 89
7.4.2 Input Sanitization 89
7.4.3 Canonicalization 90
7.5 Common Examples of Attacks Due to Improper Input Handling 90
7.5.1 Buffer Overflow 90
7.5.2 OS Commanding 90
7.6 Best Practices in Validating Input Data 91
7.6.1 Exact Match Validation 91
7.6.2 Exact Match Validation Example 91
7.6.3 Known Good Validation 92
7.6.4 Known Bad Validation 93
7.6.5 Handling Bad Input 94
7.7 OWASP’s Secure Coding Practices 94
7.8 Summary 95
Chapter Quick Check 95
Exercises 96
References 96
Chapter 8: Testing Part 1: Static Code Analysis 97
CHAPTER OVERVIEW 97
CHAPTER TAKEAWAYS 97
8.1 Fixing Early versus Fixing Later 97
8.2 Testing Phases 98
8.2.1 Unit Testing 98
8.2.2 Manual Source Code Reviews 99
8.2.3 The Code Review Process 100
8.3 Static Source Code Analysis 101
8.4 Automated Reviews Compared with Manual Reviews 102
8.5 Peeking Inside SAST Tools 103
8.6 SAST Policies 107
8.7 Using SAST in Development Sprints 107
8.8 Software Composition Analysis (SCA) 110
8.9 SAST is NOT for the Faint of Heart! 111
8.10 Commercial and Free SAST Tools 112
8.11 Summary 112
Chapter Quick Check 112
Exercises 113
References 113
Chapter 9: Testing Part 2: Penetration Testing/Dynamic Analysis/IAST/RASP 115
CHAPTER OVERVIEW 115
CHAPTER TAKEAWAYS 115
9.1 Penetration (Pen) Testing 116
9.2 Open Source Security Testing Methodology Manual (OSSTMM) 116
9.3 OWASP’s ASVS 117
9.4 Penetration Testing Tools 119
9.5 Automated Pen Testing with Black Box Scanners 119
9.6 Deployment Strategies 120
9.6.1 Developer Testing 121
9.6.2 Centralized Quality Assurance Testing 121
9.7 Gray Box Testing 121
9.8 Limitations and Constraints of Pen Testing 121
9.9 Interactive Application Security Testing (IAST) 122
9.10 Runtime Application Self-Protection (RASP) 122
9.11 Summary 123
Chapter Quick Check 123
Exercises 124
References 124
Chapter 10: Securing DevOps 127
CHAPTER OVERVIEW 127
CHAPTER TAKEAWAYS 127
10.1 Shifting Left All Around 127
10.1.1 Changing the Business Culture 129
10.2 The Three Ways That Make DevOps Work 130
10.3 The Three Ways Applied to AppSec 132
10.4 OWASP’s DevSecOps Maturity Model 134
10.5 OWASP’s DevSecOps Studio 135
10.6 Summary 135
Chapter Quick Check 135
Exercises 136
References 136
Chapter 11: Metrics and Models for AppSec Maturity 139
CHAPTER OVERVIEW 139
CHAPTER TAKEAWAYS 139
11.1 Maturity Models for Security and Resilience 140
11.2 Software Assurance Maturity Model—OpenSAMM 140
11.2.1 OpenSAMM Business Functions 142
11.2.2 Core Practice Areas 142
11.3 Levels of Maturity 143
11.3.1 Objective 144
11.3.2 Activities 144
11.3.3 Results 144
11.3.4 Success Metrics 144
11.3.5 Costs 144
11.3.6 Personnel 144
11.3.7 Related Levels 145
11.3.8 Assurance 145
11.4 Using OpenSAMM to Assess Maturity Levels 145
11.5 The Building Security In Maturity Model (BSIMM) 147
11.6 BSIMM Organization 150
11.7 BSIMM Software Security Framework 150
11.7.1 Governance 150
11.7.2 Intelligence 152
11.7.3 SSDL Touchpoints 152
11.7.4 Deployment 152
11.8 BSIMM’s 12 Practice Areas 153
11.9 Measuring Results with BSIMM 153
11.10 The BSIMM Community 153
11.11 Conducting a BSIMM Assessment 153
11.12 Summary 157
Chapter Quick Check 157
Exercises 158
References 158
Chapter 12: Frontiers for AppSec 159
CHAPTER OVERVIEW 159
CHAPTER TAKEAWAYS 159
12.1 Internet of Things (IoT) 159
12.1.1 The Industry Responds 160
12.1.2 The Government Responds 161
12.2 Blockchain 161
12.2.1 Security Risks with Blockchain Implementations 161
12.2.2 Securing the Chain 163
12.3 Microservices and APIs 163
12.4 Containers 165
12.4.1 Container Security Issues 165
12.4.2 NIST to the Rescue Again! 166
12.5 Autonomous Vehicles 167
12.6 Web Application Firewalls (WAFs) 167
12.7 Machine Learning/Artificial Intelligence 168
12.8 Big Data 169
12.8.1 Vulnerability to Fake Data Generation 169
12.8.2 Potential Presence of Untrusted Mappers 170
12.8.3 Lack of Cryptographic Protection 170
12.8.4 Possibility of Sensitive Information Mining 170
12.8.5 Problems with Granularity of Access Controls 170
12.8.6 Data Provenance Difficulties 171
12.8.7 High Speed of NoSQL Databases’ Evolution and Lack of Security Focus 171
12.8.8 Absent Security Audits 171
12.9 Summary 171
Chapter Quick Check 171
Exercises 172
References 172
Chapter 13: AppSec Is a Marathon—Not a Sprint! 175
CHAPTER OVERVIEW 175
CHAPTER TAKEAWAYS 175
13.1 Hit the Road 176
13.2 Getting Involved with OWASP 176
13.3 Certified Secure Software Lifecycle Professional (CSSLP®) 177
13.3.1 Why Obtain the CSSLP? 177
13.4 Higher Education 177
13.5 Conclusion 179
Chapter Quick Check 179
Exercises 180
References 180
Appendix A: Security Acceptance Criteria 181
Sample Acceptance Criteria for Seven Categories of Application Security Functions or Attributes 181
Appendix B: Resources for AppSec 187
Training 187
Cyber Ranges 187
Requirements Management Tools 188
Threat Modeling 188
Static Code Scanners: Open Source 188
Static Code Scanners: Commercial 189
Dynamic Code Scanners: Open Source 189
Dynamic Code Scanners: Commercial 189
Maturity Models 189
Software Composition Analysis 190
IAST Tools 190
API Security Testing 190
Runtime Application Self-Protection (RASP) 190
Web Application Firewalls (WAFs) 191
Browser-centric Protection 191
Appendix C: Answers to Chapter Quick Check Questions 193
Glossary 203
Index 205
List of Figures and Tables
Figure 1.1 Agile/Scrum Framework 4
Figure 2.1 Agile/Scrum Framework 10
Figure 2.2 A Typical User Story and Its Lifecycle 12
Figure 2.3 Expanded Activities Inside a Sprint 14
Figure 2.4 Agile and DevOps 16
Figure 2.5 DevSecOps Cycle 17
Figure 3.1 Bundles of Courses Stratified by Role in the SDLC 26
Figure 4.1 Software Development Pitfalls 35
Figure 5.1 Defense in Depth Illustrated 56
Figure 6.1 OWASP Top 10 Proactive Controls 74
Figure 6.2 Structure of OWASP Top 10 Proactive Controls Documentation 75
Figure 6.3 OWASP Secure Application Design Project Checklist 77
Figure 6.4 Simplified Data Flow Diagram 79
Figure 7.1 Burp Suite Features 88
Figure 7.2 Input Validation Techniques 91
Figure 7.3 Handling Bad Input 94
Figure 8.1 Code Review Process 100
Figure 8.2 SAST Model of Environment under Analysis 105
Figure 8.3 Finding Vulnerabilities Using SAST 106
Figure 8.4 Some Sample Veracode-Recognized Cleansers 109
Figure 9.1 Application Security Verification Standard (ASVS) Version 4 Levels 118
Figure 10.1 DevSecOps Cycle 128
Figure 10.2 The Three Ways for DevOps—The First Way: Systems Thinking 131
Figure 10.3 The Three Ways for DevOps—The Second Way: Amplify Feedback Loops 131
Figure 10.4 The Three Ways for DevOps—The Third Way: Culture of Continual Experimentation and Learning 132
Figure 11.1 OpenSAMM Model 141
Figure 11.2 Sample OpenSAMM Assessment Worksheet Extract 146
Figure 11.3 Sample OpenSAMM Scorecard 148
Figure 11.4 Excerpt of a Sample OpenSAMM Roadmap 149
Figure 11.5 The BSIMM Software Security Framework 151
Figure 11.6 BSIMM’s 12 Practices 154
Figure 11.7 BSIMM Average World Maturity Levels Across the 130 Participants in BSIMM V11 155
Figure 11.8 BSIMM Average Maturity Levels Across Financial Services, Insurance, and Healthcare 156
Table 3.1 Checklist for Education Program Success 30
Table 4.1 Levels of Software Criticality 43
Table 4.2 Characteristics of Good Requirements 47
Table 5.1 Nonfunctional Requirements Mapped to Development Best Practices 62
Table 6.1 Design Phase Recommendations 66
Table 6.2 Example DREAD Scoring Sheet 72
Table 13.1 SANS Institute Curriculum for Application Security Professionals 178
Preface
This book was written from the perspective of someone who began his software security career in 2005, long before the industry began focusing on it. Making all the rookie mistakes one tends to make without any useful guidance quickly turns what’s supposed to be a helpful process into one that creates endless chaos and lots of angry people. After a few rounds of these rookie mistakes, it finally dawned on me that we’re going about it all wrong. Software security is actually a human factor issue, not a technical or process issue alone. Throwing technology into an environment that expects people to deal with it, but failing to prepare them technically and psychologically with the knowledge and skills needed, is a certain recipe for bad results.
Think of this book as a collection of best practices and effective implementation recommendations that are proven to work. I’ve taken the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security for practical people.
This is as much a book for your personal benefit as it is for your academic and organization’s
benefit. Professionals who are skilled in secure and resilient software development and related
tasks are in tremendous demand today, and this demand will increase exponentially for the
foreseeable future. As you integrate these ideas into your daily duties, your value increases to
your company, your management, your community, and your industry.
Practical Security for Agile and DevOps was written with the following people in mind:
• Students in higher education programs within business or engineering disciplines
• Appsec architects and program managers in Information Security organizations
• Enterprise architecture teams with a focus on application development
• Scrum Teams
○ Scrum Masters
○ Engineers/developers
○ Analysts
○ Architects
○ Testers
• DevOps teams
• Product owners and their management
• Project managers
• Application security auditors
• Agile coaches and trainers
• Instructors and trainers in academia and private organizations
How This Book Is Organized
• Chapter 1 brings the state of software development up to date after the tsunami of changes
that have flipped software development and application security practices on their head
since the first edition of this book came out.
• Chapter 2 takes a detailed look at the Agile and Scrum software development methodology to explore how security controls need to change in light of an entirely new paradigm on how software is developed and how software is used.
• Chapter 3 focuses on ways to educate everyone who has a hand in any software development project with appropriate and practical skills to Build Security In. We look at ways of influencing development teams to espouse software security in their day-to-day activities, establishing a role-based curriculum for everyone, suggestions on how to roll out training, and ways to “keep the drumbeat alive” all year long through outreach and events.
• Chapter 4 looks at the specification steps of new or altered software with ways to incorporate security controls and other nonfunctional requirements into user stories that bring to life the concepts of “Shift Left” and Building Security In. This chapter examines 15 families of nonfunctional requirements and 11 families of application security controls.
• Chapter 5 moves into foundational and fundamental principles for secure application
design. It covers important concepts, techniques, and design goals to meet well-understood
acceptance criteria on features an application must implement.
• Chapter 6 examines how the design sprint is adapted for proper consideration of security
and other nonfunctional requirements (NFRs) and ways to conduct threat modeling,
application risk analysis, and practical remediation while the design is still malleable.
• Chapter 7 on defensive programming includes information on the Common Weaknesses Enumeration (CWE™), the OWASP Top 10 (2017), and some ways to address the fundamental scourge of application security vulnerabilities—failure to sanitize inputs.
• Chapter 8 is focused on white box application analysis with sprint-based activities to
improve security and quality of an application under development. Static code analysis
is covered in depth for context on what these tools do and the assumptions they use for
operating.
• Chapter 9 looks at black box or grey box analysis techniques and tools for testing a running version of an application for software or quality shortcomings.
• Chapter 10 is focused on techniques and activities to help transform the DevOps process
into a DevSecOps process with appropriate controls, metrics, and monitoring processes.
• Chapter 11 looks at two popular software maturity and metrics models for helping you
to determine the effectiveness and maturity of your secure development program.
• Chapter 12 takes a survey of the frontier where software use is expanding. It covers topics including Internet of Things (IoT), artificial intelligence (AI), machine learning, blockchains, microservices, application programming interfaces (APIs), containers, and more.
• Chapter 13 closes the book with a call to action to help you gain access to professional education, certification programs, and industry initiatives to which you can contribute.
Each chapter builds on the prior chapters to help you assemble a complete set of practical steps that lead to secure and resilient application software and to responsive, secure development practices that predictably and reliably produce high-quality and resilient applications.
About the Author
Mark S. Merkow, CISSP, CISM, CSSLP, works at HealthEquity, Inc., in Tempe, Arizona, helping to lead application and IT security architecture and engineering efforts in the office of the CISO. In addition to his day job, Mark is a faculty member at the University of Denver, where he works on developing and instructing online courses in topics across the Information Security spectrum, with a focus on secure software development. He also works as an advisor to the University of Denver’s Information and Computing Technology Curriculum Team for new course development and changes to the curriculum.
Mark has over 40 years of experience in IT in a variety of roles, including application
development, systems analysis and design, security engineering, and security management.
Mark holds a Master of Science in Decision and Information Systems from Arizona State
University (ASU), a Master of Education in Distance Education from ASU, and a Bachelor of
Science in Computer Information Systems from ASU.
Mark has authored or coauthored 17 books on IT and has been a contributing editor to
four others. Mark remains very active in the information security community, working in a
variety of volunteer roles for the Phoenix Chapters of (ISC)2®, ISACA®, and OWASP. You can
find Mark’s LinkedIn® profile at: linkedin.com/in/markmerkow
Chapter 1
Today’s Software Development Practices Shatter Old Security Practices
CHAPTER OVERVIEW
Software development techniques and methodologies leapfrog over themselves constantly, making efforts to secure them a moving target that won’t wait. To address this fact, it’s essential that application security controls and their implementation are as agile as the development processes they support. In this chapter, you’ll find some strategies to address these moving targets, while applying tried-and-true security control implementations that remain standing over time.
CHAPTER TAKEAWAYS
• Examine the changes in the software development lifecycle (SDLC) since its inception.
• Explain the Agile/Scrum Framework for modern day software development.
• Describe the Shift Left approach to implementing software development security controls.
• Understand the principles that apply to successful implementation of application security programs.
In the decade since Secure and Resilient Software Development1 was published, the world of software development has flipped on its head; shed practices from the past; brought about countless changes; and revolutionized how software is designed, developed, maintained, operated, and managed.
These changes crept in slowly at first, then gained momentum, and have since overtaken most of what we “know” about software development and the tried-and-true security methods that we’ve relied on and implemented over the years. Involvement of application security (appsec) professionals—if it happened at all—happened WAY too late, after executive decisions were already made to supplant old practices and the ink was already dried on contracts with companies hired to make the change.
This late (or nonexistent) involvement in planning how to address security hobbles appsec
practitioners who are forced to bargain, barter, or somehow convince development teams that
they simply cannot ignore security. Compound this problem with the nonstop pace of change,
and appsec professionals must abandon old “ways” and try to adapt controls to a moving target.
Furthermore, the risks with all-new attack surfaces (such as autonomous vehicles), reliance on
the Internet of Things (IoT), and software that comes to life with kinetic activity can place
actual human lives in real danger of injury or death.
Although we may have less work on our hands to convince people that insecure software is
a clear and present danger, appsec professionals have to work much harder to get everyone on
board to apply best practices that we are confident will work.
A decade ago, we were striving to help appsec professionals convince development organizations to—minimally—address software security in every phase of development, and for the most part over the decade, we saw far more attention being paid to appsec within the SDLC. Now, however, we’re forced to adapt how we do things to new processes that may be resistant to any changes that slow things down, while the risks and impacts of defective software increase exponentially.
Here’s the definition of software resilience that we’ll use throughout the book. This definition is an adaptation of the National Infrastructure Advisory Council (NIAC) definition of infrastructure resilience:
Software resilience is the ability to reduce the magnitude and/or duration of disruptive events. The effectiveness of a resilient application or infrastructure software depends upon its ability to anticipate, absorb, adapt to, and/or rapidly recover from a potentially disruptive event.2
In this chapter, we’re going to survey this new landscape for these changes to update our
own models on how to adapt to the brave new world and maintain software security, resilience,
and agility.
1.1 Over the Waterfall
New paradigms have rapidly replaced the Waterfall model of software development that we’ve
used since the beginning of the software age. Agile and Scrum SDLCs have all but displaced
the rigorous (and sometimes onerous) activities, and have most certainly displaced the notion
of “phase containment,” which appsec professionals have counted on as a reliable means to
prevent defects from creeping into subsequent phases.
This new landscape includes Agile/Scrum, DevOps, continuous integration/continuous deployment (CI/CD), and the newest revolution working its way in, site reliability engineering (SRE). To adapt to these changes, we need to understand how the rigor we’ve put into Waterfall-based projects and processes has been swept away by the tsunami of change that demands more software, faster and cheaper.
Changes in the software development paradigm force changes in the software security paradigm, which MUST work hand-in-hand with what development teams are expected to do. While we typically had a shot at inspecting software for security issues at the end of the development cycle (because of phase containment), this control point no longer exists. The new paradigm we had to adopt is called Shift Left: it keeps the vocabulary of SDLC phases as a frame of reference while recognizing that the phase gates that once enforced them no longer exist.
1.2 What Is Agile?
In essence, Agile and Scrum are based on the philosophy that software takes on a life of its
own, constantly being improved, extended, and enhanced, and these changes can be delivered
in hours, rather than weeks, months, or years.
Let’s take a look at the overall scope of the Agile/Scrum process, as shown in Figure 1.1.
This diagram encapsulates all the processes described by Scrum and some suggested time
frames showing how it compresses time into digestible bites that continue to produce software.
Some new roles are also indicated (e.g., product owner and Scrum master), and teams are
composed of ALL the roles you formerly found on separate teams using Waterfall methods. This
means that one team is composed of the roles responsible for analysis, design, coding, testing,
coordination, and ongoing delivery as new features are added, changes are made, or defects
removed. It also means that work is not tossed over the wall to the next person in line to do
“something.” The team is responsible for all the effort and results.
A minimally viable product (MVP) is the first release of a new software application that’s
considered “bare bones” but has sufficient functionality for release to the market before the
competition releases their own version. While the actions are not shown in each sprint, they
typically follow the same activities you’d find in the Waterfall model, but with more iterations and fewer phase gates that control when software is tested and released. Software is then
changed regularly and is never really considered “complete.” This creates severe challenges
for appsec.
We’ll examine the Agile/Scrum process in depth in Chapter 2 and look inside each sprint
to see where security controls can work.
1.3 Shift Left!
Shifting Left requires that development teams address software security from the very inception of a project (Build Security In) and in every step along the way to its manifestation. This means that everyone who has a hand in the specification and development of this new software “product” clearly understands their security obligations and is prepared and able to meet
those obligations. Security teams can no longer “do” security for development teams—the
teams must be responsible and able to prove they’re living up to those expectations. We’ll talk
about how to make this happen with development team awareness, training, and education in
Chapter 3.
Shifting left also requires new ways in how designers create solutions based on the requirements and how they vet those solutions for potential security problems, since they clearly understand that changes in design, once an application is developed, will cost potentially hundreds of times more than if the defects were caught while architecture and engineering are underway.
Developers are affected because they’re not given the luxury of time for extensive testing, as
they often had with former practices. Now, developers may release new code all day and see it
deployed within minutes, so it’s vital that these developers “own” the responsibility for securing
it, which means developing it using a defensive programming state of mind. Shifting Left in the
development activity involves active use, and appropriate response, with security checks built
directly into their integrated development environment (IDE)—for example, Visual Studio or
Eclipse. Although these checks are on incomplete segments of an overall application, coding provides the first opportunity for security inspection and is needed to continue the cycle of appsec.
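As an added example (not code from the book), here is the kind of developer-side check that can run from an IDE save hook or a git pre-commit hook, written in Python: it scans file contents for credential material that should never reach the repository and blocks the commit when it finds any. The three regexes, the `# pragma: allowlist secret` opt-out marker, the file names and the sample staged contents are all constructed for this illustration; a team would normally rely on a maintained scanner’s rule set rather than hand-written patterns, but the shape of the control is the same.

```python
"""Developer-side secret check, usable as a git pre-commit hook or IDE save hook.
Added illustration, not code from the book; patterns and samples are constructed."""
import re
import sys
from dataclasses import dataclass

# Illustrative patterns for credential material committed by accident.  A curated
# scanner rule set would be far broader; these three show the shape of the check.
PATTERNS = {
    "private-key-block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic-secret-assignment": re.compile(
        r"""(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*["'][^"'\s]{8,}["']"""),
}

# Constructed marker: an explicit, reviewable opt-out for test fixtures and docs.
ALLOWLIST_MARKER = "# pragma: allowlist secret"


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str


def scan_text(path, text):
    """Return one Finding per (line, rule) hit in a single file's contents."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST_MARKER in line:
            continue
        for rule, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(path, line_no, rule))
    return findings


def check_files(contents):
    """contents maps path -> file text (what a hook reads from the git index).
    Returns (exit_code, findings); a non-zero exit code blocks the commit."""
    findings = []
    for path, text in contents.items():
        findings.extend(scan_text(path, text))
    return (1 if findings else 0), findings


# Constructed sample of staged files: two real problems, one allowlisted fixture,
# and documentation that names a variable without giving it a value.
SAMPLE_STAGED = {
    "app/config.py": 'DB_HOST = "db.internal"\nDB_PASSWORD = "hunter2hunter2"\n',
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEow(constructed)...\n",
    "tests/fixtures.py": f'api_key = "not-a-real-key-123"  {ALLOWLIST_MARKER}\n',
    "README.md": "Set DB_PASSWORD in the environment, never in source.\n",
}


def main(argv):
    # With paths on the command line (as a pre-commit hook would pass them), scan
    # those files; with none, run against the constructed sample.
    if len(argv) > 1:
        contents = {}
        for path in argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                contents[path] = fh.read()
    else:
        contents = SAMPLE_STAGED
    code, findings = check_files(contents)
    for f in findings:
        print(f"{f.path}:{f.line_no}: possible secret ({f.rule}); commit blocked")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the sample, the hook reports the hardcoded password and the private key, lets the allowlisted fixture through, and returns a non-zero exit code so the commit is refused; that feedback arrives while the developer still has the code open, which is the point of moving the check this far left.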
Testing presents a major challenge to appsec because tolerance for long-running tests has
all but disappeared. Although it’s true that a comprehensive (finished this time) application is
needed for comprehensive testing, product managers won’t wait anymore while security tests
are run, and vulnerable applications may be deployed (ship it now—fix it later). Shifting left
in this environment forces security testing to happen incrementally, in what we used to call
integration testing—the point in development at which all the elements come together to build
a new version of the software. If the implementation of security testing is done correctly and
responsively to the needs of the product managers, it can serve as a control to actually “break”
a build and force remediation of defects. We’ll discuss this at length in Chapters 10 and 11
where we focus on testing.
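The build-breaking control described above, as an added example that is not the book’s code: a Python gate a CI stage can run after the security scanners finish. It fails the stage on findings at or above a severity threshold unless an explicit, time-limited risk acceptance covers them, and it reports lower-severity findings without blocking. The report layout, the acceptance file, the finding identifiers and the ticket reference are constructed for the illustration; real scanners emit their own formats (SARIF, for instance), so the loader would be adapted to the tool in use.

```python
"""Build-breaking security gate for a CI stage.  Added illustration, not the book's
code: the report format, the acceptance file and the sample data are constructed."""
import json
import sys
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample report, shaped like a generic SAST/SCA JSON export.
SAMPLE_REPORT = json.dumps({"findings": [
    {"id": "SQLI-001", "severity": "critical", "file": "app/orders.py",
     "title": "SQL statement built by string concatenation"},
    {"id": "DEP-042", "severity": "high", "file": "requirements.txt",
     "title": "Dependency with a known vulnerability"},
    {"id": "XSS-007", "severity": "medium", "file": "web/views.py",
     "title": "Template output rendered without escaping"},
    {"id": "LOG-003", "severity": "low", "file": "app/log.py",
     "title": "Sensitive field written to debug log"},
]})

# Constructed risk acceptances: explicit, tied to a ticket, and time-limited, so a
# suppression cannot silently live forever.  The ticket id is a placeholder.
SAMPLE_ACCEPTANCES = {
    "DEP-042": {"expires": "2099-01-01", "ticket": "TICKET-PLACEHOLDER"},
}


def evaluate(report_json, acceptances, fail_at="high", today=None):
    """Decide whether the build passes.

    Findings at or above `fail_at` block the build unless an unexpired acceptance
    covers the finding id.  Lower-severity findings are listed as informational,
    which keeps the gate fast to adopt and lets the threshold be tightened later.
    """
    today = today or date.today()
    threshold = SEVERITY_RANK[fail_at.lower()]
    blocking, suppressed, informational = [], [], []
    for finding in json.loads(report_json)["findings"]:
        fid = finding["id"]
        rank = SEVERITY_RANK.get(finding["severity"].lower(), 0)
        if rank < threshold:
            informational.append(fid)
            continue
        acceptance = acceptances.get(fid)
        if acceptance and date.fromisoformat(acceptance["expires"]) >= today:
            suppressed.append(fid)
        else:
            blocking.append(fid)
    return {
        "exit_code": 1 if blocking else 0,
        "blocking": blocking,
        "suppressed": suppressed,
        "informational": informational,
    }


def main(argv):
    # Pipeline usage: python gate.py report.json [acceptances.json]
    # With no arguments, the constructed sample data is evaluated.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = fh.read()
        acceptances = {}
        if len(argv) > 2:
            with open(argv[2], encoding="utf-8") as fh:
                acceptances = json.load(fh)
    else:
        report, acceptances = SAMPLE_REPORT, SAMPLE_ACCEPTANCES
    result = evaluate(report, acceptances)
    for fid in result["blocking"]:
        print(f"BLOCKING  {fid}: fix it or file a time-limited acceptance")
    for fid in result["suppressed"]:
        print(f"ACCEPTED  {fid}: suppressed by an unexpired risk acceptance")
    for fid in result["informational"]:
        print(f"INFO      {fid}: below the build-break threshold")
    return result["exit_code"]


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The expiry date on each acceptance is what keeps “ship it now, fix it later” honest: a product manager can defer a finding, but the deferral resurfaces as a broken build on a known date rather than disappearing into a permanent exception list.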
Taken together, shifting left in the appsec space makes it possible to gain the assurance we
need that our applications are appropriately secure, but it changes the role of appsec professionals from “doing” appsec to needing to empower everyone who touches software in the
SDLC with practical and appropriate knowledge, skills, and abilities.
Although the names and accelerated pace have significantly changed how we deal with
appsec, the activities of software development, as we understood them in Waterfall methodologies, are still present. Requirements are still being gathered, designs are still being built,
coders are still coding, testers are still testing, and operators are still deploying and managing
applications in production. We can apply what we know works to help secure applications in
development, but we have to step back and let those who are intimate with the application do
the heavy lifting and prove to us that they’ve done what they needed to do!
At the end of the day, software security is a human factors issue—not a technical issue—
and for appsec professionals to succeed in implementing application controls, it’s vital to treat
the human factor in ways we know work, rather than throwing more tools at the problem.
1.4 Principles First!
Before we dig into the details on how to create and maintain excellence in application security
programs, let’s cover some enduring principles that we need to live by in everything we do to
secure application software and the processes used to create it:
• Secure application development is a PEOPLE issue, not a technical one.
• Every intervention into the SDLC affects people.
• Shift Left within the SDLC as much of the appsec work as you can—performing security work as close as possible to the point at which defects are introduced is the surest way of eliminating them and preventing “defect creep” from one phase or activity to the next.
• AppSec tools are great but are of questionable use if the people using them don’t understand:
○ What the tool is telling them
○ Why their code is vulnerable
○ How their code is vulnerable
○ What to do about the vulnerability
• People can only deal with so much change at one time—too many changes all at once to
their processes leads to chaos and, ultimately, rebellion.
• Automate everything that you can (scanning, remediation planning, retesting, etc.).
• There are only so many of us in the information security departments, but there are
thousands of development team staff who need accountability. Don’t treat security as a
punishment or barrier. Convince development team members that it empowers them—
makes them more valuable as employees and members of the development community—
and they’ll quickly learn that it does all these things!
1.5 Summary
In Chapter 1, we surveyed the modern-day landscape on how software is developed, operated, and managed to understand the impacts these changes have imposed on how we design,
develop, and implement control mechanisms to assure software security and resilience. We’ll
begin to explore how appsec professionals can use Agile practices to improve Agile practices
with security controls and how baking in security from the very start is the surest way to gain
assurance that your applications can stand up and recover from chronic attacks.
Chapter Quick Check
1. A design principle to guide the selection of controls for an application to ensure its resilience against different forms of attack, and to reduce the probability of a single point of
failure in the security of the system is called:
a) Defense in depth
b) Least privilege
c) Security by obscurity
d) Secure defaults
2. Poor Application Software Security is:
a) A network security problem
b) An operating system security problem
c) A software development and engineering problem
d) A user-caused problem
3. Giving a program the minimal authority to access resources is called:
a) Principle of Keep Security Simple
b) Principle of Least Privilege
c) Principle of Fail Securely
d) Principle of Defense in Depth
Exercises
1. Everyone feels the effects of flawed or vulnerable software when it’s attacked, and you’ve likely seen some of the consequences from these attacks. Who is (or should be) ultimately responsible for assuring that software that’s released into the wild of the Internet is developed and operated with security in mind?
2. You can get software cheap and fast, but it won’t be very good. You can get it good and
fast, but it won’t come cheaply.
Consider these tradeoffs and consequences:
• What do you think the choices being made are in today’s international software development community?
• What do you think we can do to change this and end the scourge of bad software?
Chapter 2
Deconstructing Agile and Scrum
CHAPTER OVERVIEW
Chapter 2 provides an examination of the activities found in the Scrum Model and how to
implement security controls. The movement to Scrum and DevOps underscores the need for
changes related to People, Process, and Technology that move an organization from silo-based software development to community- and team-based partnerships that ultimately form DevSecOps, which “Builds Security In” for all custom-developed software.
CHAPTER TAKEAWAYS
• Determine the placement and timing of security activities in Scrum sprints for architecture and development.
• Determine steps that lead to “Shifting Left” the performance of security controls to prevent impeding the natural flow of Scrum processes.
• Examine the DevSecOps environment in which automation of security controls improves
both the software development lifecycle (SDLC) process and the software that it produces.
For purposes of context setting and terminology, we’re going to deconstruct the Agile/Scrum
development methodology to discover areas in which appsec controls help in securing software
in development and also help to control the development methodology itself. We’ll look at
ways to use Agile to secure Agile.
Let’s revisit the overall scope of the Agile/Scrum process, shown in Figure 2.1 (originally
Figure 1.1).
There’s Agile/Scrum as a formal, strict, tightly controlled process, and then there’s Agile/
Scrum as it’s implemented in the real world. Implementation of Agile will vary from the fundamentalist and purist views to various elements that appear as Agile-like processes, and everything in between. It’s less important HOW it’s implemented in your environment than it is to
understand WHAT your specific implementation means to your appsec efforts.
2.1 The Goals of Agile and Scrum
Agile software development refers to software development lifecycle (SDLC) methodologies
based on the idea of iterative development, in which requirements and solutions evolve through
collaboration between self-organizing, cross-functional teams. Agile development is designed
to enable teams to deliver value faster, with greater quality and predictability and greater abilities to respond to change.1
Scrum and Kanban are the dominant implementations of Agile, and Scrum is the one most
often found in software development organizations.
2.2 Agile/Scrum Terminology
Here are some common terms and roles found within Agile SDLCs:
Product—the application under development, enhancement, or replacement.
Product Backlog—the list of features or requirements that the product must include. These
features are prioritized by the product owner for submission to sprints.
Product Owner—typically from a business unit or business area who becomes responsible for
the creation of new products through the specifications (user stories) they create and add to the
product backlog. Think of the product owner as the sponsor of the work the team performs
overall. Often, the Scrum team and the product owner work in entirely different organizations
(a business unit outside of the technology division of the firm).
User Stories—help to shift the focus from writing about requirements to talking about them.2
Stories use nontechnical language to provide context for the development team and their
efforts. After reading a user story, the team knows why they are building what they’re building and what value it creates.3 User stories are added to sprints and “burned down” over the
duration of the sprint.
Figure 2.2 depicts an example of a typical user story4:
Sprint—a fixed, time-boxed period of time (typically from 2 to 4 weeks), during which specific prioritized requirements (user stories) are fed in from the product backlog for design or
development.
Definition of Done (DoD)—An important Scrum concept that documents the state of
the product in relation to the acceptance criteria across all the user stories within a product
increment. DoD user stories can drive the quality of work and are used to assess when a user
story has been completed and meets all acceptance criteria.
2.3 Agile/Scrum Roles
Scrum role team titles are only relevant in establishing each person’s specific expertise, but
they don’t lock those who are in that role into only performing that activity. Teams are
self-organizing, so expertise is shared across the team as needed to meet their objectives. The
following are those roles of the team that you commonly find in Scrum:
• Scrum Master is the person who serves as conductor and coach to help team members
carry out their duties. Scrum masters are experts on Scrum, oversee the project throughout, and offer advice and direction. The Scrum master most often works on one project
at a time, gives it their full attention, and focuses on improving the team’s effectiveness.5
• Analysts work with the product owner and Scrum master to develop and refine the user
stories that are submitted for development within a development sprint.
• Architects work on the design of the application architecture and design to meet the
requirements described by the user stories. Design work is conducted in a design sprint,
sometimes called sprint zero.
• Designers work on the aspects of the product that relate to user interfaces and user experience with the product. Essentially, designers are translators for the following aspects of
the product6:
○ Translate users’ desires and concerns for product owners.
○ Translate features for users—how the product will actually work and what it looks
like.
○ Translate experiences and interfaces for engineers.
• Engineer/Lead Engineer/Developers work to build (code) the features for the applications based on user story requirements for each sprint.
• Testers/Quality Assurance (QA) Leads are those who work to determine if the application being delivered meets the acceptance criteria for the user stories and help to provide
proof for the DoD for those user stories and, ultimately, the product.
As you’ll see in Chapter 3, each of these roles requires specialized application security training to help them gain the skills they need for ownership and responsibility of security for their product.
2.4 Unwinding Sprint Loops
With the basic model and understanding of the roles people play within Scrum, let’s now take
a look at what happens inside each sprint as the cycle of development proceeds. Figure 2.3
expands on the steps inside a sprint loop.7
Under the paradigm of Building Security In, you can find opportunities for effective security controls throughout the product’s lifecycle.
Beginning with Requirements Refinement for product backlog development, this is the opportunity to specify security functional and nonfunctional requirements (NFRs) as user stories or as constraints on existing user stories in the form of acceptance criteria that drive the DoD. This approach forces everyone on the team not only to consider security but also to describe exactly how they plan to meet the control needs. This basic step will drive all follow-on activity to address security requirements and concerns head on through the analysis stage,
world. Travellers had but few facilities in those days: the rough fishing boat
across the often angry loch; the coach that in October did not run “every
lawful day,” but only at intervals; the absence of all comfortable
accommodation would grievously affect the young men nowadays who set
out in a sleeping carriage from the depths of the Highlands to take their
berths in a P. and O. Robbie thought of none of these luxuries, which were
not yet invented. His parting from his father and brother was not emotional:
all that had been got over when the group about the doors had waved their
last good-bye. He was more anxious about the portmanteaux, upon which
he looked with honest pride, and which contained among many other things
the defective half-dozen of handkerchiefs. Ronald Drummond met him at
the side of the loch with his boxes, which contained a more ample outfit
than Robbie’s, and the sword-case which had been in the Peninsula, a
distinction which drew all eyes. “It’s me the next,” Jock shouted as a
parting salutation, as the brown sail was hoisted, and the boat, redolent of
herrings, carried the two adventurers away.
“Weel,” said Marg’ret, “the laddie’s gane, and good go with him. It’s ane
less to think of and fend for. And we must just all go back to our work.
Whoever comes or whoever goes, I have aye my dinner to think of, and the
clean clothes to be put into the drawers, and the stockings to darn a’ the
same.”
“If you’ll put an iron to the fire, Marg’ret, I’ll come and do the collars,”
said Mary, “he was always so particular, poor Robbie. There will be no fyke
now with trying to please him.”
“I cannot settle to work,” said Kirsteen, “and I will not. I’m not just a
machine for darning stockings. I wish I was Robbie going out into the
world.”
“Oh, Kirsteen, come and see the rabbits he gave me,” said Jeanie. “He
would not trust one of them to the boys, but gave them to me. Come and
take them some lettuce leaves. It will keep us in mind of Robbie.” There
was perhaps some danger that the recollection of the brother departed
would not last very long. So many had gone before him and there were still
others to go.
But Kirsteen avoided Jeanie and the rabbits and suddenly remembered
something she had to get at the “merchant’s,” which was a full mile off—
worsted for her mother’s knitting and needles for herself, who was always,
to the reprobation of the elder members of the family, losing her needles.
She was glad to represent to herself that this errand was a necessity, for a
house without needles how can that be? and poor mother would be more
dependent than ever on everything being right for her work, on this
melancholy day. It was still quite early, about nine o’clock, and it was with
a compunction that Kirsteen gave herself the indulgence of this walk. A
morning away from work seemed to her almost an outrage upon life, only
to be excused by the circumstances and the necessity of the errand. She
walked along the familiar road not noting where she went, her thoughts far
away, following the travellers, her mind full of an agitation which was
scarcely sorrowful, a sort of exaltation over all that was common and
ordinary. The air and the motion were good for her, they were in harmony
with that condition of suppressed excitement in which from the depths of
her being everything seemed bubbling up. Kirsteen’s soul was like one of
the clear pools of the river by which she walked, into which some clear,
silvery, living thing had leaped and lived. Henceforward it was no more
silent, no longer without motion. The air displaced came up in shining
globules to the surface, dimpling over the water, a stir was in it from time to
time, a flash, a shimmering of all the ripples. Her mind, her heart were like
the pool—no longer mirroring the sky above and the pathway ferns and
grasses on the edge, but something that had an independent life. She
roamed along without being able to tell, had any one asked her, where she
was. The road was a beautiful road by the side of a mountain stream, which
was only called the burn, but which was big enough for trout or even now
and then salmon—which ran now along the side of the hill, now diving
deep down into a ravine, now half hid with big overreaching banks, now
flinging forth upon a bit of open country, flowing deep among the rocks,
chattering over the shallows, sometimes bass sometimes treble, an
unaccountable, unreasonable, changeable stream. Red rowan-tree berries
hung over it reflecting their colour in the water. The heather on the hill
came in deep russet tones of glory defeated, and the withered bracken with
tints of gold, all gaining a double brilliancy from the liquid medium that
returned their image. To all these things Kirsteen was so well accustomed
that perhaps she did not at any time stop to note them as a stranger might
have done. But to-day she did not know what was about her; she was
walking in more beautiful landscapes, in the land of imagination, by the
river of love, in the country of the heart. The pays du tendre which was
ridiculous when all the fine ladies and gentlemen postured about in their
high-heeled shoes is not absurd when a fresh and simple maiden crosses its
boundary. She went down the glen to the merchant’s and chose her wool,
and bought her needles, and said a few words to the women at their doors,
and shed a few more tears when they were sorry for her about her brother’s
going away, without ever leaving that visionary country, and came back
from the village more deeply lost in it than ever, and hearing the whisper of
last night in every motion of the branches and every song of the burns.
“Will ye wait for me, Kirsteen?” though it was only this morning that he
went away, and years and years must pass before he came back—“Ay, that I
will! That I will.”
She had nearly reached home again, coming back from the merchant’s—
for even her reverie and the charm of it could not keep Kirsteen’s step slow,
or subdue its airy, skimming tread—when she came up to the carter with his
cart who had carried Robbie’s luggage to Inveralton. She stopped to speak
to him, and walked along by his side timing her steps to those of his heavy,
slow tread and the movement of the laborious, patient horse. “Did you see
him, Duncan?” she said.
“Oh, ay, I saw him—and they got away fine in James Macgregor’s boat;
and a quick wind that would carry them over the loch in two or three
minutes.”
“And how was he looking, Duncan?”
“ ’Deed, Miss Kirsteen, very weel: he’s gaun to see the world—ye canna
expect a young boy like that to maen and graen. I have something here for
you.”
“Something for me!” She thought perhaps it was something that had
been put into the gig by mistake, and was not excited, for what should there
be for her? She watched with a little amusement Duncan’s conflict with the
different coats which had preserved his person from the night cold. He went
on talking while he struggled.
“The other laddie, Jock, I left to come home with the maister in the gig.
He thought it was fine—but I wouldna wonder if he was regretting Duncan
and the cart—afore now. Here it is at last, and a fecht to get it. It is a book
from Maister Ronald that you gave him a loan of—or something o’ that
kind—if I could but mind what gentles say—”
“Gave him—a loan of—?” cried Kirsteen, breathless. She had to turn
away her head not to exhibit to Duncan the overwhelming blush which she
felt to cover her from head to foot. “Oh, yes,” she added after a moment,
taking the little parcel from his hand, “I—mind.”
Let us hope that to both of them the little fiction was forgiven. A loan of
—she had nothing to lend, nor had he ever borrowed from her. It was a
small paper parcel, as if it contained a little book. Kirsteen never could tell
how she succeeded in walking beside the carter for a few steps further, and
asking him sedately about his wife and the bairns. Her heart was beating in
her ears as if it would burst through. It was like a bird straining at its bonds,
eager to fly away.
Then she found herself at home where she had flown like the wind,
having informed Duncan that she was “in a great hurry”—but in the
passage, on the way to her own room, she met Mary, who was coming from
the kitchen with a number of shining white collars in her arms which she
had been ironing.
“Where have you been?” said Mary. “My mother has been yammering
for you. Is this an hour of the day to go stravaighing for pleasure about the
roads?”
Mary pronounced the last word “rods,” though she prided herself on
being very correct in her speech.
“Me—I have been to the merchant’s for my mother’s fingering for her
stockings,” Kirsteen said breathlessly.
“It was wheeling she wanted,” said Mary with exasperating calm; “that’s
just like you, running for one thing when it’s another that’s wanted. Is that it
in that small parcel like a book?”
“No, that’s not it,” said Kirsteen, clasping the little parcel closer and
closer.
“It’s some poetry-book you’ve had out with you to read,” said her sister,
as if the acme of wrong-doing had been reached. “I would not have thought
it of you, Kirsteen, to be reading poetry about the rods, the very morning
that Robbie’s gone away. And when my mother is so ill she cannot lift her
head.”
“I’ve been reading no poetry,” cried Kirsteen, with the most poignant
sense of injury. “Let me pass, Mary, I’m going up the stair.”
But it was Marg’ret now who interposed, coming out at the sound of the
altercation. She said, “Miss Kirsteen, I’m making some beef-tea for the
mistress. Come in like a dear and warm your hands, and ye can carry it up.
It will save me another trail up and down these stairs.”
Kirsteen stood for a moment obstructed on both sides with a sense of
contrariety which was almost intolerable. Tears of vexation rose to her eyes.
“Can I not have a moment to myself?” she cried.
“To read your poetry!” Mary called after her in her mild little
exasperating voice.
“Whist, whist, my lamb, say nothing,” said Marg’ret. “Your mother
canna bide to have a talking. Never you mind what she says, think upon the
mistress that’s lying up there, wanting to hear everything and canna—
wanting to be in the middle of everything and no equal to it. It was no that I
grudge going up the stairs, but just to keep a’ things quiet. And what’s that
you’ve gotten in your hand?”
“It’s just a small parcel,” said Kirsteen, covering it with her fingers. “It’s
just a—something I was buying—”
“Not sweeties,” said Marg’ret solemnly; “the bairns had more than
plenty last night—”
“Never you mind what it is,” said Kirsteen with a burst of impatience,
thrusting it into her pocket. “Give me the beef-tea and I’ll take it up stairs.”
Mrs. Douglas lay concealed behind her curtains, her face almost in a
fluid state with constant weeping. “Oh, set it down upon the table,” she
said. “Do they think there’s comfort in tea when a woman has parted with
her bairn? And where have ye been, Kirsteen? just when I was in want of ye
most; just when my head was sorest, and my heart like to break—Robbie
gone, and Mary so taken up with herself, and you—out of the way—”
“I’m very sorry, mother,” said poor Kirsteen. “I ran down to the
merchant’s to get you your yarn for your knitting. I thought you would like
to have it ready.”
Mrs. Douglas rocked her head back and forward on her pillow. “Do I
look like a person that’s thinking of yarn or of stockings, with my head
aching and my heart breaking? And none of you can match a colour. Are
you sure it’s the same? Most likely I will just have to send Marg’ret to
change it. What’s that bulging out your pocket? You will tear every pocket
you have with parcels in it as if ye were a lad and not a lass.”
“It’s only a very small thing,” said Kirsteen.
“If that’s the yarn ye should never let them twist it up so tight. It takes
the softness all out of it. Where are ye going the moment you’ve come
back? Am I to have nobody near me, and me both ill in body, and sore, sore
distrest in mind? Oh, Kirsteen, I thought ye had a truer heart.”
“Mother, my heart’s true,” cried the girl, “and there’s nothing in the
world I would not do to please you. But let me go and put away my things,
let me go for a moment, just for a moment. I’ll be back again before you’ve
missed me.”
“You’re not always so tidy to put away your things,” said the invalid;
“sit down there by my bedside, and tell me how my bonnie lad looked at the
last. Did he keep up his heart? And was your father kind to him? And did
you see that he had his keys right, and the list of all his packages? Eh, me,
to think I have to lie here and could not see my laddie away.”
“But, mother, you have never done it,” said Kirsteen, “to any of the boys
—and Robbie never expected—”
“You need not mind me,” said Mrs. Douglas, “of the waik creature I’ve
always been. Aye in my bed or laid up, never good for anything. If you’ll
lift me up a little, Kirsteen, I might maybe try to swallow the beef tea; for
eh! I have much, much need of support on such a doleful day. Now another
pillow behind my back, and put the tray here; I cannot bear the sight of
food, but I must not let my strength run down. Where are you going now,
you restless thing? Just stay still where you are; for I cannot do without you,
Kirsteen. Kirsteen, do you hear me? The doctor says I’m never to be left by
myself.”
It was not till a long time after that Kirsteen was free. Her eager
expectation had fallen into an aching sense of suspense, a dull pang that
affected both mind and body. Instead of the rapid flight to her room full of
anticipation in which she had been arrested in entering the house, she went
soberly, prepared for any disenchantment. The room was shared with her
younger sister Jeanie, and it seemed quite probable that even a moment’s
solitude might be denied her. When she found it empty, however, and had
closed the door upon herself and her secret, it was with trembling hands that
she opened the little parcel. It might be the handkerchief sent back to her, it
might be some other plain intimation that he had changed his mind. But
when the covering was undone, Kirsteen’s heart leaped up again to that
sudden passion of joy and content which she had first known yesterday. The
parcel contained the little Testament which Ronald had carried to church
many a Sunday, a small book bound in blue morocco, a little bent and worn
with use. On the flyleaf were his initials R. D., the letters of the
handkerchief, and underneath C. D. freshly written. He had made rather
clumsily, poor fellow, with a pencil, a sort of Runic knot of twisted lines to
link the two names together. That was all. Nowadays the young lover would
at least have added a letter; seventy years ago he had not thought of it.
Kirsteen’s heart gave a bound in her breast, and out of weariness and
contradiction and all the depressing influences of the morning, swam
suddenly into another world: a delicious atmosphere of perfect visionary
bliss. Never were public betrothals more certain, seldom so sweet. With a
timid movement, blushing at herself, she touched with her lips the letters on
the title-page.
PART II.
CHAPTER V.
Mr. Douglas of Drumcarro was the son of one of the Scotch lairds who
had followed Prince Charlie, and had been attainted after the disastrous
conclusion of the Forty-Five. Born in those distracted times, and learning as
their very first lessons in life the expedients of a hunted man to escape his
pursuers, and the anguish of the mother as to the success of these
expedients, the two half-comprehending children, twin boys, had grown up
in great poverty and seclusion in the corner of a half-ruined house which
belonged to their mother’s father, and within cognizance of their own real
home, one of the great houses of the district which had passed into alien
hands. When they set out to make their fortune, at a very early age, their
mother also having in the meantime died, two half-educated but high-
spirited and strongly-feeling boys, they had parted with a kind of vow that
all their exertions should be addressed to the task of regaining their old
possessions and home, and that neither should set foot again upon that
beloved alienated land until able in some measure to redeem this pledge.
They went away in different directions, not unconfident of triumphantly
fulfilling the mutual promise; for fame and fortune do not seem very
difficult at sixteen, though so hard to acquire at a less hopeful age. Willie,
the younger, went to England, where some relations helped him on and
started him in a mildly successful career. He was the gentlest, the least
determined of the two, and fortune overtook him in a manner very soothing
after his troubled boyhood in the shape of a mild competency and comfort,
wife and children, and a life altogether alien to the romance of the
disinherited with which he had begun.
But Neil Douglas, the elder, went further afield. He went to the West
Indies, where at that period there were fortunes for the making, attended
however by many accessories of which people in the next generation spoke
darkly, and which still, perhaps, among unsophisticated people survive in
tradition, throwing a certain stain upon the planter’s fortunes. Whether these
supposed cruelties and horrors were all or almost all the exaggerations of a
following agitation, belonging like many similar atrocities in America to the
Abolitionist imagination, is a question unnecessary to discuss. Up to the
time at which this story begins, whenever Mr. Douglas of Drumcarro
quarrelled with a neighbour over a boundary line or a shot upon the hill-
side, he was called “an auld slave-driver” by his opponent, with that sense
of having power to exasperate and injure which gives double piquancy to a
quarrel. And of him as of many another such it was told that he could not
sleep of nights; that he would wake even out of an after-dinner doze with
cries of remorse, and that dreams of flogged women and runaways in the
marshes pursued him whenever he closed his eyes. The one thing that
discredited these popular rumours among all who knew Drumcarro was that
he was neither tender-hearted nor imaginative, and highly unlikely to be
troubled by the recollection of severities which he would have had no
objection to repeat had he had the power. The truth was that he had by no
means found fortune so easily as he had hoped, and had worked in every
way with a dogged and fierce determination in spite of many failures, never
giving up his aim, until at last he had found himself with a little money, not
by any means what he had looked for and wanted, but enough to buy a
corner of his old inheritance, the little Highland estate and bare little house
of Drumcarro. Hither he came on his return from Jamaica, a fierce, high-
tempered, arbitrary man, by no means unworthy of the title of “auld slave-
driver,” so unanimously bestowed upon him by his neighbours, who,
however, could not ignore the claims of his old Douglas blood however
much they might dislike the man.
He had married a pretty little insipid girl, the daughter of one of his
brother’s friends in “the south country,” who brought with her a piano and a
few quickly-fading airs and graces to the Highland wilds, to sink as soon as
possible into the feeble and fanciful invalid, entirely subject to her
husband’s firmer will and looking upon him with terror, whom the reader
has already seen. Poor Mrs. Douglas had not vigour enough to make the
least stand against her fate. But for Marg’ret she would have fallen at once
into the domestic drudge which was all Drumcarro understood or wanted in
a wife. With Marg’ret to preserve her from that lower depth, she sank only
into invalidism—into a timid complaining, a good deal of real suffering,
and a conviction that she was the most sorely tried of women. But she bore
her despotic husband seven boys without a blemish, robust and long-limbed
lads equal to every encounter with fate. And this made him a proud man
among his kind, strongly confident of vanquishing every adverse
circumstance, in their persons at least, if not, as Providence seemed to have
forbidden, in his own. He set his whole heart upon these boys—struggling
and sparing to get a certain amount of needful education for them, not very
much, it must be allowed; and by every means in his power, by old
relationships half-forgotten, by connections of his West Indian period, even
by such share as he could take in politics, contrived to get appointments for
them, one after another, either in the King’s or the Company’s service for
India. The last was much the best of any; it was a fine service, with
perpetual opportunities of fighting and of distinction, not so showy as the
distinctions to be gained in the Peninsula, but with far better opportunities
of getting on. The four eldest were there already, and Robbie had started to
follow them. For Jock, who took to his books more kindly than the others,
there was a prospect of a writership. It was more easy in those days to set
young men out in the world than it is now. Your friends thought of them,
your political leaders were accessible; even a passing visitor would remark
the boys in your nursery and lend a friendly hand. Nobody lends a friendly
hand nowadays, and seven sons is not a quiverful in which a poor man has
much reason to rejoice.
On the other hand the girls at Drumcarro were left without any care at
all. They were unlucky accidents, tares among the wheat, handmaids who
might be useful about the house, but who had no future, no capabilities of
advancing the family, creatures altogether of no account. Men in a higher
position than the laird of Drumcarro might have seen a means of
strengthening their house by alliances, through the means of four comely
daughters, but the poor little Highland lairdlings, who were their only
possible suitors, were not worth his trouble, and even of them the supply
was few. They too went out into the world, they did not remain to marry
and vegetate at home. Mr. Douglas felt that every farthing spent upon the
useless female portion of his household was so much taken from the boys,
and the consequence was that the girls grew up without even the meagre
education then considered necessary for women, and shut out by poverty,
by pride, by the impossibility of making the appearance required to do
credit to the family, even the homely gaieties of the country-side. They
grew up in the wilds like the heather and the bracken, by the grace of
nature, and acquired somehow the arts of reading and writing, and many
housewifely accomplishments, but without books, without society, without
any break in the monotony of life or prospect in their future. Their brothers
had gone off one by one, depriving them in succession of the natural friends
and companions of their youth. And in this way there had happened a
domestic incident never now named in Drumcarro; the most awful of
catastrophes in the experience of the younger members of the family. The
eldest of the girls, named Anne, was the handsomest of the three elder
sisters. She was of the same type of beauty which promised a still more
perfect development in the little Jeanie, the youngest of the daughters; with
fair hair just touched with a golden light, blue eyes soft and tender, and a
complexion somewhat pale but apt to blush at any touch of sentiment or
feeling into the warmest variable radiance. She sang like a bird without any
training, she knew all the songs and stories of the district, and read every
poetry-book she could find (they were not many—The Gentle Shepherd, an
old copy of Barbour’s Bruce, some vagrant volumes of indifferent verse);
she was full of sentiment and dreamy youthful romance without anything to
feed upon. But just at the time when her favourite brother Nigel went away,
and Anne was downcast and melancholy, a young doctor came temporarily
to the district, and came in the usual course to see Mrs. Douglas, for whose
case he recommended certain remedies impossible to be carried out, as
doctors sometimes do. He advised change of air, cheerful company, and that
she should be kept from everything likely to agitate or disturb her. “That’s
sae easy—that’s sae likely,” said Marg’ret under her breath. But Anne
listened anxiously while the young doctor insisted upon his remedies. He
came again and again, with an interest in the patient which no one had ever
shown before. “If you could take her away into the sunshine—to a brighter
place, where she would see new faces and new scenes.” “Oh, but how could
I do that,” cried Anne, “when I have no place to take her to, and my father
would not let me if I had?” “Oh, Miss Anne, let me speak to your father,”
the young man pleaded. “You shall have a pleasant house to bring your
mother to, and love and service at her command, if you will but listen to
me.” Anne listened, nothing loth, and the young doctor, with a confidence
born of ignorance, afterwards asked for an interview with Drumcarro. What
happened was never known; the doctor departed in great haste, pale with
wrath, Mr. Douglas’s voice sounding loud as the burn when in spate after
him as he strode from the door; and Anne’s cheeks were white and her eyes
red for a week after. But at the end of that week Anne disappeared and was
no more seen. Marg’ret, who had risen very early in the middle of the
wintry dark, to see to some great washing or other household work, found,
as was whispered through the house, a candle flickering down in the socket
upon the hall-table, and the house-door open. To blow out the last flickering
flame, lest it should die in the socket and so foreshadow the extinction of
the race, was Marg’ret’s first alarmed precaution; and then she shut the
open door, but whether she saw or heard anything more nobody ever knew.
A faint picture of this scene, the rising and falling of the dying light, the
cold wind blowing in from the door, the wild darkness of the winter
morning, with its belated stars in a frosty sky looking in, remained in the
imagination of the family surrounding the name of Anne, which from that
day was never pronounced in the house. Where she went or what became of
her was supposed by the young ones to be absolutely unknown. But it is to
be hoped that even Drumcarro, savage as he was, ascertained the fate of his
daughter even while he cursed her. It came to be understood afterwards that
she had married her doctor and was happy; but that not for a long time, nor
to the sisters thus taught by the tremendous force of example what a
dreadful thing it was to look at any upstart doctor or minister or
insignificant person without a pedigree or pretensions like their own.
This was the only shape in which love had come near the door of
Drumcarro, and if there was a certain attraction even in the tragic mystery
of the tale, there was not much encouragement for the others to follow
Anne’s example, thus banished summarily and for ever from all relations
with her family. Also from that time no doctor except the old man who had
brought the children into the world was ever allowed to enter those sacred
doors, nor any minister younger or more seductive than Mr. Pyper. As for
other ineligible persons there were none in the country-side, so that Mary
and Kirsteen were safe from temptation. And thus they went on from day to
day and from year to year, in a complete isolation which poverty made
imperative more even than circumstances, the only event that ever
happened being the departure of a brother, or an unusually severe “attack”
of their mother’s continued ever-enduring illness. They were not
sufficiently educated nor sufficiently endowed to put them on a par with the
few high-born ladies of the district, with whom alone they would have been
allowed to associate; and there was native pride enough in themselves to
prevent them from forming friendships with the farmers’ daughters, also
very widely scattered and few in number, who, though the young ladies of
Drumcarro were so little superior to themselves in any outward attribute,
would have thought their acquaintance an honour. Nothing accordingly
could exceed the dulness, the monotony of their lives, with no future, no
occupation except their work as almost servants in their father’s house, no
hope even of those vicissitudes of youth which sometimes in a moment
change a young maiden’s life. All was bald and gray about them, everything
but the scenery, in which, if there is nothing else, young minds find but an
imperfect compensation. Mary indeed had a compensation of another kind
in the comfortable apathy of a perfectly dull and stolid character, which had
little need of the higher acquirements of life. But Kirsteen with her quick
temper and high spirit and lively imagination was little adapted for a part so
blank. She was one of those who make a story for themselves.
CHAPTER VI.
Marg’ret was perhaps the only individual in the world who dared to
remonstrate with Mr. Douglas as to the neglect in which his daughters were
losing their youth and all its pleasures and hopes. Aunt Eelen it is true made
comments from time to time. She said: “Puir things, what will become of
them when Neil’s deed? They’ve neither siller nor learning; and no chance
of a man for one of them that I can see.”
“And yet they’re bonnie lasses,” said the sympathetic neighbour to
whom on her return home after Robbie’s departure she made this
confidence. “Oh, they’re well enough, but with a silly mother and a father
that’s just a madman, what can any person do for them?” Miss Eelen
Douglas was not quite assured in her own mind that it was not her duty to
do something for her young relations, and she took a great deal of pains to
prove to herself that it was impossible.
“What if you had them over at the New Year? There’s aye something
going on, and the ball at the Castle.”
“The ball at the Castle!” cried Miss Eelen with a scream. “And what
would they put on to go to the ball at the Castle? Potato-bags and
dishclouts? Na, na, I’m of his mind so far as that goes. If they cannot appear
like Drumcarro’s daughters they are best at home.”
“Bless me,” said the kind neighbour, “a bit white frock is no ruinous. If
it was only for a summer Sabbath to go to the kirk in, they must have white
frocks.”
“Ruinous or no ruinous it’s more than he’ll give them,” said Miss Eelen,
shutting up her thin lips as if they had been a purse. She was very decided
that the white frocks could not come from her. And indeed her means were
very small, not much more than was absolutely necessary to maintain her
little house and the one maid who kept her old mahogany and her old silver
up to the polish which was necessary. Naturally all her neighbours and her
cousin Neil, who hoped to inherit from her, exaggerated Miss Eelen’s
income. But though she was poor, she had a compunction. She felt that the
white frocks ought to be obtained somehow, if even by the further pinching
of her own already pinched living, and that the great chance of the ball at
the Castle ought to be afforded to Drumcarro’s neglected girls. And she had
to reason with herself periodically as to the impossibility of this,
demonstrating how it was that she could not do it, that it was not her part to
do it, that if the father and the mother saw no necessity, how was she, a
cousin once removed, to take it upon her? For though they called her aunt
she was in reality Neil Douglas of Drumcarro’s cousin and no more.
Notwithstanding all these arguments a compunction was always present in
Miss Eelen’s worn out yet not extinguished heart.
“Besides,” she began again more briskly, “what would be the use? Ye’ll
no suppose that Lord John or Lord Thomas would offer for Drumcarro’s
lasses. They’re as good blood, maybe better; for it’s cauld watery stuff that
rins in those young lads’ veins. But Neil Douglas is a poor man; if he had
all or the half that rightly belongs to him, it would be anither matter. We’ll
say nothing about that I’m a Douglas myself, and it just fires me up when I
think of it. But right or wrong, as I’m saying, Drumcarro’s a poor man and
it’s no in the Castle his lasses will find mates. And he’s a proud man. I think
upon Anne, puir thing, and I cannot say another word. Na, na, it’s just a
case where nobody can interfere.”
“But Miss Anne’s very happy, and plenty of everything, as I hear.”
“Happy, and her father’s doors closed upon her, and her name wiped out
as if she were dead, far more than if she were dead! And bearing a name
that no man ever heard of, her, a Douglas!” Miss Eelen’s gray cheek took
on a flush of colour at the thought. She shook her head, agitating the little
gray ringlets on her forehead. “Na, na,” she said, “I’m vexed to think upon
the poor things—but I cannot interfere.”
“Maybe their father, if you were to speak to him—”
“Me speak to him! I would as soon speak to Duncan Nicol’s bull. My
dear, ye ken a great deal,” said Miss Eelen with irony, “but ye do not ken
the Douglases. And that’s all that can be said.”
This, however, was not all that a more devoted friend, the only one they
had who feared neither Drumcarro nor anything else in the world, in their
interests, found to say. Marg’ret was not afraid of Drumcarro. Even she
avoided any unnecessary encounter with “the auld slave-driver,” but when it
was needful to resist or even to assail him she did not hesitate. And this
time it was not resistance but attack. She marched into the laird’s room with
her head held high, trumpets playing and banners flying, her broad white
capstrings finely starched and streaming behind her with the impulse of her
going, an unusual colour in her cheeks, her apron folded over one hand, the
other free to aid the eloquence of her speech. Several months had passed in
great quiet, the little stir of Robbie’s departure having died away along with
the faint excitement of the preparations for his departure, the making of his
linen, the packing of his portmanteaux. All had relapsed again into perfect
dulness and the routine of every day. Jamie, the next boy, was only
fourteen; a long time must elapse before he was able to follow his brother
into the world, and until his time should come there was no likelihood of
any other event stirring the echoes at Drumcarro. As for Marg’ret, the
routine was quite enough for her. To think what new variety of scone she
could make for their tea, how she could adapt the remains of the grouse to
make a little change, or improve the flavour of the trout, or compound a
beef-tea or a pudding which would tempt her mistress to a spoonful more,
was diversion enough for Marg’ret among the heavier burdens of her work.
But the bairns—and above all Kirsteen, who was her special darling.
Kirsteen had carried her head very high after Robbie went away. She had
been full of musings and of dreams, she had smiled to herself and sung to
herself fragments of a hundred little ditties, even amid the harassments of
her sick mother’s incessant demands, and all the dulness of her life. But
after a month or two that visionary delight had a little failed, the chill of
abandonment, of loneliness, of a life shut out from every relaxation, had
ceased to be neutralized by the secret inspiration which kept the smile on
her lips and the song in her heart. Kirsteen had not forgotten the secret
which was between her and Ronald, or ceased to be sustained by it; but she
was young, and the parting, the absence, the silence had begun to tell upon
her. He was gone; they were all gone, she said to herself. With everything in
the world to sustain the young sufferer, that chill of absence is always a sad
one. And her cheerfulness, if not her courage, had flagged. Her heart and
her head had drooped in spite of herself. She had been found moping in
corners, “thinking,” as she had said, and she had been seen with her eyes
wet, hastily drying the irrepressible tears. “Kirsteen greetin’!” One of the
boys had seen it, and mocked her with a jibe, of which afterwards he was
much ashamed; and little Jeanie had seen it, and had hurried off awestricken
to tell Marg’ret, “Kirsteen was in the parlour, just with nobody, and greetin’
like to break her heart.”
“Hoot awa’ with ye, it’ll be that auld pain in her head,” said Marg’ret
sending the little girl away. But this report brought affairs to a crisis. “The
bairn shall not just be left to think and think,” she said to herself, adding
however prudently, “no if I can help it.” Marg’ret had managed one way or
other to do most things she had set her heart upon, but upon this she could
not calculate. Drumcarro was not a man to be turned easily from his evil
ways. He was a “dour man.” The qualities which had enabled him in the
face of all discouragement to persevere through failure and disappointment
until he had at last gained so much if no more and become Drumcarro, were
all strong agents against the probability of getting him to yield now. He had
his own theories of his duty, and it was not likely that the representations of
his housekeeper would change them. Still Marg’ret felt that she must say
her say.
He was seated by himself in the little room which was specially his own,
in the heaviness of the afternoon. Dinner was over, and the air was still
conscious of the whisky and water which had accompanied it. A peat fire
burned with an intense red glow, and his chair and shabby writing-table
were drawn close to it. No wonder then that Drumcarro dozed when he
retired to that warm and still seclusion. Marg’ret took care not to go too
soon, to wait until the afternoon nap was over; but the laird’s eyes were still
heavy when she came in. He roused himself quickly with sharp impatience;
though the doze was habitual he was full of resentment at any suspicion of
it. He was reading in his room; this was the version of the matter which he
expected to be recognized in the family: a man nowadays would say he had
letters to write, but letters were not so universal an occupation then. A frank
or an opportunity, a private hand, or sure messenger with whom to trust the
missive were things of an occasional occurrence which justified
correspondence; but it was not a necessity of every day. Mr. Douglas made
no pretence of letters. He was reading; a much crumpled newspaper which
had already passed through several hands was spread out on the table before
him. It was a Glasgow paper, posted by the first reader the day after
publication to a gentleman on Loch Long, then forwarded by him to
Inveralton, thence to Drumcarro. Mr. Pyper at the Manse got it at fourth
hand. It would be difficult to trace its wanderings after that. The laird had it
spread upon his table, and was bending over it, winking one eye to get it
open when Marg’ret pushed open the door. She did not knock, but she made
a great deal of noise with the handle as she opened it, which came to much
the same thing.
“Well,” he said, turning upon her snappishly, “what may ye be wanting
now?”
“I was wanting—just to say something to ye, Drumcarro, if it’s
convenient to ye,” Marg’ret said.
“What do ye want? That’s your way of asking, as I know well. What ails
ye now, and what long story have ye to tell? The sooner it’s begun the
sooner it will be ended,” he said.
“There is truth in that,” replied Marg’ret sedately; “and I canna say I am
confident ye will be pleased with what I am going to say. For to meddle
between a father and his bairns is no a pleasant office, and to one that is but
a servant in the house.”
“And who may this be,” said Mr. Douglas grimly, “that is coming to
interfere between a father and his bairns,—meaning me and my family, as
I’m at liberty to judge?”
Marg’ret looked her master in the face, and made him a slight but serious
curtsey. “ ’Deed, sir, it’s just me,” she said.
“You!” said the laird with all the force of angry indignation which he
could throw into his voice. He roused himself to the fray, pushing up his
spectacles upon his forehead. “You’re a bonny one,” he said, “to burst into a
gentleman’s private room on whatever errand—let alone meddling in what’s
none of your concerns.”
“If ye think sae, sir,” said Marg’ret, “that’s just anither point we dinna
agree about; for if there’s a mair proper person to speak to ye about your
bairns than the person that has brought them up, and carried them in her
arms, and made their parritch and mended their clo’es all their life, I’m no
acquaint with her. Eh, me, what am I saying? There is anither that has a
better right—and that’s their mother. But she’s your wife, puir lamb, and ye
ken weel that ye’ve sae dauntened her, and sae bowed her down, that if ye
were to take a’ their lives she would never get out a word.”
“Did she send ye here to tell me so?” cried Drumcarro.
“But me,” said Marg’ret, unheeding the question, “I’m no to be
dauntened neither by words nor looks. I’m nae man’s wife, the Lord be
thankit.”
“Ye may well say that,” said the laird, seizing an ever-ready weapon,
“for it’s well known ye never could get a man to look the way ye were on.”
Marg’ret paused for a moment and contemplated him, half moved by the
jibe, but with a slight wave of her hand put the temptation away. “I’m no to
be put off by ony remarks ye can make, sir,” she said; “maybe ye think ye
ken my affairs better than I do, for well I wot I ken yours better than you.
You’re no an ill father to your lads. I would never say sae, for it wouldna be
true; ye do your best for them and grudge naething. But the lassies are just
as precious a gift from their Maker as their brothers, and what’s ever done
for them? They’re just as neglecktit as the colley dogues: na, far mair, for
the colleys have a fine training to make them fit for their work—whereas
our young ladies, the Lord bless them—”
“Well,” said the father sharply, “and what have you to do with the young
ladies? Go away with you to your kitchen, and heat your girdle and make
your scones. That’s your vocation. The young ladies I tell ye are no concern
of yours.”
“Whose concern should they be when neither father nor mother take ony
heed?” said Marg’ret. “Maister Douglas, how do you think your bonnie lads
would have come through if they had been left like that and nobody caring?
There’s Miss Kirsteen is just as clever and just as good as any one o’ them;
but what is the poor thing’s life worth if she’s never to see a thing, nor meet
a person out of Drumcarro House? Ye ken yoursel’ there’s little company in
Drumcarro House—you sitting here and the mistress maybe in her bed, and
neither kin nor friend to say a pleasant word. Lord bless us a’! I’m twice her
age and mair: but I would loup ower the linn the first dark day, if I was like
that lassie without the sight of a face or the sound of a voice of my ain
kind.”
“You’re just an auld fool,” said Drumcarro, “the lassie is as well off as
any lassie needs to be. Kirsteen—oh ay, I mind now, ye have always made a
pet of Kirsteen. It’s maybe that that has given her her bold tongue and set
that spark in her eye.”
“Na,” said Marg’ret, “it was just her Maker did that, to make her ane of
the first in the land if them she belongs to dinna shut her up in a lonesome
glen in a dull hoose. But naebody shall say I’m speaking for Kirsteen alone;
there’s your bonny little Jeanie that will just be a beauty. Where she got it I
canna tell, ony mair than I can tell where Kirsteen got her grand spirit and
yon light in her ee. No from her poor mother, that was a bonny bit thing in
her day, but never like that. Jeanie will be just the flower o’ the haill
country-side, if ye can ca’ it a country-side that’s a’ howkit out into glens
and tangled with thae lochs and hills. If she were in a mair open country
there’s no a place from Ayr to Dumfries but would hear of her for her
beauty in twa or three years’ time. Ye may say beauty’s but skin deep, and
I’m saying nothing to the contrary; but it’s awfu’ pleasant to the sight of
men; and I’ll just tell you this, Drumcarro—though it’s maybe no a thing
that’s fit for me to say—there’s no a great man in a’ the land that bairn
mightna marry if she had justice done her. And maybe that will move ye, if
naething else will.”
A gleam had come into Drumcarro’s eyes as she spoke, but he answered
only by a loud and harsh laugh, leaning back in his chair and opening wide
a great cavern of a mouth. “The deil’s in the woman for marrying and
giving in marriage!” he said. “A bit lassie in a peenny? It’s a pity the Duke
marriet, Marg’ret, but it cannot be mended. If she’s to get a prince he’ll
come this way when she’s old enough. We’ll just wait till that time comes.”
“The time has come for the rest, if no for her,” said Marg’ret,
unexpectedly encouraged by this tone. “And eh? if ye would but think,
they’re young things, and youth comes but ance in a lifetime, and ye can
never win it back when it’s past. The laddies, bless them, are all away to get
their share; the lassies will never get as much, but just a bit triflin’ matter—
a white gown to go to a pairty, or a sight of Glasgow, or—”
“The woman’s daft!” said the laird. “Glasgow! what will they do there? a
white gown! a fiddlestick—what do they want that they haven’t got—plenty
of good meat, and a good roof over their heads, and nothing to do for’t but
sew their seams and knit their stockings and keep a pleasant tongue in their
heads. If ye stir up nonsense among them, I’ll just turn ye bag and baggage
out of my house.”
“I would advise ye to do that, sir,” said Marg’ret calmly. “I’ll no need a
second telling. And ye’ll be sorry but ance for what ye have done, and
that’ll be a’ your life.”
“Ye saucy jade!” said the laird: but though he glared at her with fiery
eyes, he added no more on this subject. “The lassies!” he said, “a pingling
set aye wanting something! To spend your money on feeding them and
clothing them, that’s not enough it would appear! Ye must think of their
finery, their parties and their pleasures. Tell Kirsteen she must get a man to
do that for her. She’ll have no nonsense from me.”
“And where is she to get a man? And when she has gotten a man—the
only kind that will come her gait—”
Mr. Douglas rose up from his chair, and shook his clenched fist. Rage
made him dumb. He stammered out an oath or two, incapable of giving vent
to the torrent of wrath that came to his lips. But Marg’ret did not wait till
his utterances became clear.
CHAPTER VII.
This was one of the days when Mrs. Douglas thought she felt a little
better, and certainly knew it was very dull in her bed-room, where it was
not possible to keep even Kirsteen stationary all day, so she had ventured to
come down stairs after the heavy midday dinner which filled the house with
odours. A little broth, served with what was considered great delicacy in
Drumcarro in a china dish on a white napkin, had sufficed for her small
appetite; and when everything was still in the house, in partial somnolence
after the meal, she had been brought to the parlour with all her shawls and
cushions, and established by the fire. The news of the great ball at the
Castle which had moved Marg’ret to the desperate step she had just taken
had its effect in the parlour too. Kirsteen who had said at first proudly,
“What am I heeding?” had, notwithstanding everything, begun to wake up a
little to the more usual sensations of a girl of twenty when any great event
of this description is about to take place. It would be bonny to see—it
would be fine just for once to be in grand company like the old Douglases
her forbears, and to see how the lords and ladies behaved themselves, if
they were really so different from common folk. And then Kirsteen began to
think of the music and the sound of the dancers’ feet upon the floor, in spite
of herself—and the imaginary strains went to her head. She was caught in
the measure of her dreams, swaying a little involuntarily to keep time, and
interjecting a real step, a dozen nimble twinklings of her feet in their strong
country shoes as she went across the room to fetch a new clew for her
mother’s knitting.
“What’s that you’re doing, Kirsteen, to shake the whole place?” said
Mrs. Douglas.
“Oh, it’s just nothing, mother.”
“She’s practising her steps,” said Mary, “for the grand ball.”
“Dear me, dear me,” Mrs. Douglas said. “How well I know by myself!
Many’s the time I’ve danced about the house so that nothing would keep me
still—but ye see what it all comes to. It’s just vanity and maybe worse than
vanity—and fades away like the morning dew.”
“But, mother,” said Kirsteen, “it was not your dancing nor the pleasure
you’ve had that made you ill; so we cannot say that’s what it comes to.”
“Pleasure!” said her mother. “It’s very little pleasure I have had in my
life since I marriet your father and came to this quiet place. Na, na, it’s no
pleasure—I was very light-hearted in my nature though you would not think
it. But that’s a thing that cannot last.”
“But you had it, mother,” said Mary, “even if it was short. There was that
ball you went to when you were sixteen, and the spangled muslin you had
on, and the officer that tore it with his spurs.”
Mrs. Douglas’s eyes lit up with a faint reflection of bygone fire. “Eh,
that spangled muslin,” she said, “I’ll never forget it, and what they all said
to me when I came home. It was not like the grand gowns that are the
fashion now. It was one of the last of the old mode before those awfu’
doings at the French Revolution that changed everything. My mother wore
a hoop under her gown standing out round her like a cart-wheel. I was not
old enough for that; but there was enough muslin in my petticoat to have
made three of these bit skimpit things.”
“I just wish,” said Mary with a sigh, “that we had it now.”
“It would be clean out of the fashion if ye had it; and what would ye do
with a spangled muslin here? Ye must have parties to go to, before ye have
any need for fine cla’es.”
Mary breathed again that profound sigh. “There’s the ball at the Castle,”
she said.