Udvidet returret til d. 31. januar 2025

Implementing DevSecOps Practices - Vandana Verma Sehgal - Bog

Bag om Implementing DevSecOps Practices

Get to grips with application security, secure coding, and DevSecOps practices to implement in your development pipelineKey FeaturesUnderstand security posture management to maintain a resilient operational environment Master DevOps security and blend it with software engineering to create robust security protocols Adopt the left-shift approach to integrate early-stage security in DevSecOps Purchase of the print or Kindle book includes a free PDF eBook Book Description DevSecOps is built on the idea that everyone is responsible for security, with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context. This practice of integrating security into every stage of the development process helps improve both the security and overall quality of the software. This book will help you get to grips with DevSecOps and show you how to implement it, starting with a brief introduction to DevOps, DevSecOps, and their underlying principles. After understanding the principles, you'll dig deeper into different topics concerning application security and secure coding before learning about the secure development lifecycle and how to perform threat modeling properly. You'll also explore a range of tools available for these tasks, as well as best practices for developing secure code and embedding security and policy into your application. Finally, you'll look at automation and infrastructure security with a focus on continuous security testing, infrastructure as code (IaC), protecting DevOps tools, and learning about the software supply chain. By the end of this book, you'll know how to apply application security, safe coding, and DevSecOps practices in your development pipeline to create robust security protocols.What you will learnFind out how DevSecOps unifies security and DevOps, bridging a significant cybersecurity gap Discover how CI/CD pipelines can incorporate security checks for automatic vulnerability detection Understand why threat modeling is indispensable for early vulnerability identification and action Explore chaos engineering tests to monitor how systems perform in chaotic security scenarios Find out how SAST pre-checks code and how DAST finds live-app vulnerabilities during runtime Perform real-time monitoring via observability and its criticality for security management Who this book is for This book is for DevSecOps engineers and application security engineers. Developers, pentesters, and information security analysts will also find plenty of useful information in this book. Prior knowledge of the software development process and programming logic is beneficial, but not required.Table of ContentsIntroducing DevSecOps DevSecOps Principles Understanding the Security Posture Understanding Observability Understanding Chaos Engineering Continuous Integration and Continuous Deployment Threat Modeling Software Composition Analysis (SCA) Static Application Security Testing (SAST) Infrastructure-as-Code (IaC) Scanning Dynamic Application Security Testing (DAST) Setting Up a DevSecOps Program with Open Source Tools Licenses Compliance, Code Coverage, and Baseline Policies Setting Up a Security Champions Program Case Studies Conclusion

Vis mere
  • Sprog:
  • Engelsk
  • ISBN:
  • 9781803231495
  • Indbinding:
  • Paperback
  • Sideantal:
  • 258
  • Udgivet:
  • 22. december 2023
  • Størrelse:
  • 191x14x235 mm.
  • Vægt:
  • 489 g.
  • 2-4 uger.
  • 13. december 2024
På lager

Normalpris

  • BLACK NOVEMBER

Medlemspris

Prøv i 30 dage for 45 kr.
Herefter fra 79 kr./md. Ingen binding.

Beskrivelse af Implementing DevSecOps Practices

Get to grips with application security, secure coding, and DevSecOps practices to implement in your development pipelineKey FeaturesUnderstand security posture management to maintain a resilient operational environment
Master DevOps security and blend it with software engineering to create robust security protocols
Adopt the left-shift approach to integrate early-stage security in DevSecOps
Purchase of the print or Kindle book includes a free PDF eBook
Book Description
DevSecOps is built on the idea that everyone is responsible for security, with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context. This practice of integrating security into every stage of the development process helps improve both the security and overall quality of the software. This book will help you get to grips with DevSecOps and show you how to implement it, starting with a brief introduction to DevOps, DevSecOps, and their underlying principles.
After understanding the principles, you'll dig deeper into different topics concerning application security and secure coding before learning about the secure development lifecycle and how to perform threat modeling properly. You'll also explore a range of tools available for these tasks, as well as best practices for developing secure code and embedding security and policy into your application. Finally, you'll look at automation and infrastructure security with a focus on continuous security testing, infrastructure as code (IaC), protecting DevOps tools, and learning about the software supply chain.
By the end of this book, you'll know how to apply application security, safe coding, and DevSecOps practices in your development pipeline to create robust security protocols.What you will learnFind out how DevSecOps unifies security and DevOps, bridging a significant cybersecurity gap
Discover how CI/CD pipelines can incorporate security checks for automatic vulnerability detection
Understand why threat modeling is indispensable for early vulnerability identification and action
Explore chaos engineering tests to monitor how systems perform in chaotic security scenarios
Find out how SAST pre-checks code and how DAST finds live-app vulnerabilities during runtime
Perform real-time monitoring via observability and its criticality for security management
Who this book is for
This book is for DevSecOps engineers and application security engineers. Developers, pentesters, and information security analysts will also find plenty of useful information in this book. Prior knowledge of the software development process and programming logic is beneficial, but not required.Table of ContentsIntroducing DevSecOps
DevSecOps Principles
Understanding the Security Posture
Understanding Observability
Understanding Chaos Engineering
Continuous Integration and Continuous Deployment
Threat Modeling
Software Composition Analysis (SCA)
Static Application Security Testing (SAST)
Infrastructure-as-Code (IaC) Scanning
Dynamic Application Security Testing (DAST)
Setting Up a DevSecOps Program with Open Source Tools
Licenses Compliance, Code Coverage, and Baseline Policies
Setting Up a Security Champions Program
Case Studies
Conclusion

Brugerbedømmelser af Implementing DevSecOps Practices



Gør som tusindvis af andre bogelskere

Tilmeld dig nyhedsbrevet og få gode tilbud og inspiration til din næste læsning.