Hands-On Security in DevOps

By : Tony Hsiang-Chih Hsu

Overview of this book

DevOps has provided speed and quality benefits with continuous development and deployment methods, but it does not guarantee the security of an entire organization. Hands-On Security in DevOps shows you how to adopt DevOps techniques to continuously improve your organization’s security at every level, rather than just focusing on protecting your infrastructure. This guide combines DevOps and security to help you to protect cloud services, and teaches you how to use techniques to integrate security directly in your product. You will learn how to implement security at every layer, such as for the web application, cloud infrastructure, communication, and the delivery pipeline layers. With the help of practical examples, you’ll explore the core security aspects, such as blocking attacks, fraud detection, cloud forensics, and incident response. In the concluding chapters, you will cover topics on extending DevOps security, such as risk assessment, threat modeling, and continuous security. By the end of this book, you will be well-versed in implementing security in all layers of your organization and be confident in monitoring and blocking attacks throughout your cloud services.
Summary

We have discussed industry best practices for secure coding, such as CERT, CWE, Android secure coding, OWASP Code Review, and the Apple secure coding guide. Based on those secure coding rules, we established secure coding baselines as part of the security policy and release criteria. To help the team become familiar with secure coding, a training portal was prepared. It was suggested that the secure coding knowledge portal should provide not only coding rules but also case studies.

To apply secure coding to developers' daily tasks, secure coding tools must be adopted. We evaluated secure coding tools, taking into account usability, budget, programming language support, detection rates, and scanning rule maintenance. To evaluate the detection rate of a scanning tool, we also introduced some vulnerable projects that can be used as testing projects.

Secure coding rules and...