Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hands-On Security in DevOps
  • Table Of Contents Toc
Hands-On Security in DevOps

Hands-On Security in DevOps

By : Hsu
3.3 (13)
Buy this Book
close
close
Hands-On Security in DevOps

Hands-On Security in DevOps

3.3 (13)
By: Hsu
Buy this Book

Overview of this book

DevOps has provided speed and quality benefits with continuous development and deployment methods, but it does not guarantee the security of an entire organization. Hands-On Security in DevOps shows you how to adopt DevOps techniques to continuously improve your organization’s security at every level, rather than just focusing on protecting your infrastructure. This guide combines DevOps and security to help you to protect cloud services, and teaches you how to use techniques to integrate security directly in your product. You will learn how to implement security at every layer, such as for the web application, cloud infrastructure, communication, and the delivery pipeline layers. With the help of practical examples, you’ll explore the core security aspects, such as blocking attacks, fraud detection, cloud forensics, and incident response. In the concluding chapters, you will cover topics on extending DevOps security, such as risk assessment, threat modeling, and continuous security. By the end of this book, you will be well-versed in implementing security in all layers of your organization and be confident in monitoring and blocking attacks throughout your cloud services.
Table of Contents (23 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Lock Free Chapter
1
DevSecOps Drivers and Challenges
Icon
DevSecOps Drivers and Challenges
Icon
Security compliance
Icon
Legal and security compliance
Icon
New technology (third-party, cloud, containers, and virtualization)
Icon
Cloud services hacks/abuse
Icon
Rapid release
Icon
Summary
Icon
Questions
Icon
Further reading
2
Security Goals and Metrics
chevron up
Icon
Security Goals and Metrics
Icon
Organization goal
Icon
Development goal/metrics
Icon
QA goal/metrics
Icon
Operation goal/metrics
Icon
Summary
Icon
Questions
Icon
Further reading
3
Security Assurance Program and Organization
Icon
Security Assurance Program and Organization
Icon
Security assurance program
Icon
Security growth with business
Icon
Role of a security team in an organization
Icon
Case study – a matrix, functional, or taskforce structure
Icon
Summary
Icon
Questions
Icon
Further reading
4
Security Requirements and Compliance
Icon
Security Requirements and Compliance
Icon
Security requirements for the release gate
Icon
Security requirements for web applications
Icon
Security requirements for big data
Icon
Privacy requirements for GDPR
Icon
Summary
Icon
Questions
Icon
Further reading
5
Case Study - Security Assurance Program
Icon
Case Study - Security Assurance Program
Icon
Security assurance program case study
Icon
Security training and awareness
Icon
Security culture
Icon
Web security frameworks
Icon
Baking security into DevOps
Icon
Summary
Icon
Questions
Icon
Further reading
6
Security Architecture and Design Principles
Icon
Security Architecture and Design Principles
Icon
Security architecture design principles
Icon
Security framework
Icon
Web readiness for privacy protection
Icon
Login protection
Icon
Cryptographic modules
Icon
Input validation and sanitization
Icon
Data masking
Icon
Data governance – Apache Ranger and Atlas
Icon
Third-party open source management
Icon
Summary
Icon
Questions
Icon
Further reading
7
Threat Modeling Practices and Secure Design
Icon
Threat Modeling Practices and Secure Design
Icon
Threat modeling practices
Icon
Threat modeling with STRIDE
Icon
Diagram designer tool
Icon
Card games
Icon
Threat library references
Icon
Case study – formal documents or not?
Icon
Secure design
Icon
Summary
Icon
Questions
Icon
Further reading
8
Secure Coding Best Practices
Icon
Secure Coding Best Practices
Icon
Secure coding industry best practices
Icon
Establishing secure coding baselines
Icon
Secure coding awareness training
Icon
Tool evaluation
Icon
Tool optimization
Icon
High-risk module review
Icon
Manual code review tools
Icon
Secure code scanning tools
Icon
Secure compiling
Icon
Common issues in practice
Icon
Summary
Icon
Questions
Icon
Further reading
9
Case Study - Security and Privacy by Design
Icon
Case Study - Security and Privacy by Design
Icon
Case study background
Icon
Secure architecture review
Icon
Privacy by design
Icon
Summary of security and privacy frameworks
Icon
Third-party component management
Icon
Summary
Icon
Questions
Icon
Further reading
10
Security-Testing Plan and Practices
Icon
Security-Testing Plan and Practices
Icon
Security-testing knowledge kit
Icon
Security-testing plan templates
Icon
Web security testing
Icon
Privacy
Icon
Security-testing domains
Icon
Thinking like a hacker
Icon
Security-Training environment
Icon
Summary
Icon
Questions
Icon
Further reading
11
Whitebox Testing Tips
Icon
Whitebox Testing Tips
Icon
Whitebox review preparation
Icon
Viewing the whole project
Icon
High-risk module
Icon
Whitebox review checklist
Icon
Top common issues
Icon
Secure coding patterns and keywords
Icon
Case study – Java struts security review
Icon
Summary
Icon
Questions
Icon
Further reading
12
Security Testing Toolkits
Icon
Security Testing Toolkits
Icon
General security testing toolkits
Icon
Automation testing criteria
Icon
Behavior-driven security testing framework
Icon
Android security testing
Icon
Securing infrastructure configuration
Icon
Docker security scanning
Icon
Integrated security tools
Icon
Summary
Icon
Questions
Icon
Further reading
13
Security Automation with the CI Pipeline
Icon
Security Automation with the CI Pipeline
Icon
Security in continuous integration
Icon
Security practices in development
Icon
Web testing in proactive/proxy mode
Icon
Web automation testing tips
Icon
Security automation in Jenkins
Icon
Summary
Icon
Questions
Icon
Further reading
14
Incident Response
Icon
Incident Response
Icon
Security incident response process
Icon
SOC team
Icon
Incident forensics techniques
Icon
Summary
Icon
Questions
Icon
Further reading
15
Security Monitoring
Icon
Security Monitoring
Icon
Logging policy
Icon
Security monitoring framework
Icon
Source of information
Icon
Threat intelligence toolset
Icon
Security scanning toolset
Icon
Malware behavior matching – YARA
Icon
Summary
Icon
Questions
Icon
Further reading
16
Security Assessment for New Releases
Icon
Security Assessment for New Releases
Icon
Security review policies for releases
Icon
Security checklist and tools
Icon
BDD security framework
Icon
Consolidated testing results
Icon
Summary
Icon
Questions
Icon
Further reading
17
Threat Inspection and Intelligence
Icon
Threat Inspection and Intelligence
Icon
Unknown threat detection
Icon
Indicators of compromises
Icon
Security analysis using big data frameworks
Icon
Summary
Icon
Questions
Icon
Further reading
18
Business Fraud and Service Abuses
Icon
Business Fraud and Service Abuses
Icon
Business fraud and abuses
Icon
Business risk detection framework
Icon
PCI DSS compliance
Icon
Summary
Icon
Questions
Icon
Further reading
19
GDPR Compliance Case Study
Icon
GDPR Compliance Case Study
Icon
GDPR security requirement
Icon
Case studies
Icon
Summary
Icon
Questions
Icon
Further reading
20
DevSecOps - Challenges, Tips, and FAQs
Icon
DevSecOps - Challenges, Tips, and FAQs
Icon
DevSecOps for security management
Icon
DevSecOps for the development team
Icon
DevSecOps for the testing team
Icon
DevSecOps for the operations team
Icon
Summary
Icon
Further reading
21
Assessments
Icon
Assessments
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
Icon
Chapter 13
Icon
Chapter 14
Icon
Chapter 15
Icon
Chapter 16
Icon
Chapter 17
Icon
Chapter 18
Icon
Chapter 19
22
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Security Goals and Metrics

In the previous chapter, we discussed the challenges and the business drivers for DevSecOps. In this chapter, we will discuss security goals and metrics. The adoption of DevSecOps is a continuous learning journey and takes lots of stakeholder involvement, process optimization, business priority conflict, customization of security tools, and security knowledge learning. This chapter will give you some hands-on tips, challenges, and common practices based on a functional role perspective, and will also look at GDPR as an example to explain how to do a privacy impact assessment.

We will cover the following topics in this chapter:

  • Organization goal
  • Development goal/metrics
  • QA goals/metrics
  • Operation goal/metrics
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Hands-On Security in DevOps
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon